{"acronym":"MCH2022","aspect_ratio":"16:9","updated_at":"2026-04-04T12:30:06.272+02:00","title":"May Contain Hackers 2022","schedule_url":"https://program.mch2022.org/mch2022/schedule/export/schedule.xml","slug":"conferences/camp-NL/mch2022","event_last_released_at":"2023-02-17T00:00:00.000+01:00","link":"https://mch2022.org/","description":"MCH2022 was a nonprofit outdoor hacker camp taking place in Zeewolde, the Netherlands, July 22 to 26 2022. The event is organized for and by volunteers from and around all facets of the worldwide hacker community.\r\n\r\nKnowledge sharing, technological advancement, experimentation, connecting with your hacker peers and hacking are some of the core values of this event.\r\n\r\nMCH2022 is the successor of a string of similar events happening every four years since 1989. These are GHP, HEU, HIP, HAL, WTH, HAR, OHM and SHA.","webgen_location":"conferences/camp-NL/mch2022","logo_url":"https://static.media.ccc.de/media/events/MCH2022/logo.png","images_url":"https://static.media.ccc.de/media/events/MCH2022","recordings_url":"https://cdn.media.ccc.de/events/MCH2022","url":"https://api.media.ccc.de/public/conferences/MCH2022","events":[{"guid":"fd495a4d-5937-5b3f-b921-5979856b3c80","title":"macOS local security: escaping the sandbox and bypassing TCC","subtitle":null,"slug":"mch2022-43-macos-local-security-escaping-the-sandbox-and-bypassing-tcc","link":"https://program.mch2022.org/mch2022/talk/WEBRZC/","description":"\"SomeApp would like to access files in your Documents folder.\" Anyone who has used macOS recently will be familiar with these prompts. But how do they work? What happens if you deny the access? Are they an effective defense against malware?\n\nThis talk will give an up to date overview of the local security measures of macOS and describe some ways they can be defeated in practice.\n\nSandboxing on macOS was introduced 13 years ago, but Apple didn't leave it at that. Starting with the release of macOS Catalina in 2019, even non-sandboxed apps need to deal with sandbox-like restrictions for files: all apps now need to ask permission to access sensitive files, like those in the user's documents or desktop folder. Features such as the camera and geolocation already needed user approval from a permission prompt. This system of user controlled permissions is known as Transparency, Consent, and Control (TCC).\n\nAny new security measure like this will also mean the introduction of new security boundaries, with new classes of vulnerabilities. Many parts of the system have to be re-examined to check for these vulnerabilities. For example, apps can now try to attack other apps in order to \"steal\" the permissions granted by the user to those apps. Apple has taken steps to allow apps to defend themselves against this, such as the hardened runtime. Ultimately, however, it is up to the developer of an app to safeguard its permissions. Many developers are not aware of this new responsibility or do not take it seriously. Developers who are used to the security model of Windows or Linux often do not know that these boundaries even exist. To make matters worse, Apple's documentation and APIs for these features are not as clear and easy to use as they should be.\n\nThis talk will start with an overview of local security restrictions on the latest version of macOS, Mojave. Then, it will cover some ways these protections might be bypassed in third-party applications. Finally, we will show some vulnerabilities we found in software that allowed escaping the macOS sandbox, stealing TCC permissions and privilege escalation, such as CVE-2021-30688, CVE-2020-10009 and CVE-2020-24428.","original_language":"eng","persons":["Thijs Alkemade","Daan Keuper"],"tags":["mch2022","43","2022","MCH2022 Curated content"],"view_count":163,"promoted":false,"date":"2022-07-25T19:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-04-02T09:45:05.605+02:00","length":3048,"duration":3048,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/43-fd495a4d-5937-5b3f-b921-5979856b3c80.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/43-fd495a4d-5937-5b3f-b921-5979856b3c80_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/43-fd495a4d-5937-5b3f-b921-5979856b3c80.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/43-fd495a4d-5937-5b3f-b921-5979856b3c80.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-43-macos-local-security-escaping-the-sandbox-and-bypassing-tcc","url":"https://api.media.ccc.de/public/events/fd495a4d-5937-5b3f-b921-5979856b3c80","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"d17d3fd5-c4f9-50be-b8fc-cafc88c3c5da","title":"The Silicon Passion","subtitle":null,"slug":"mch2022-296-the-silicon-passion","link":"https://program.mch2022.org/mch2022/talk/DEJQME/","description":"What do big tech, synthesizers, the crucifixion and Matthäus Passion have in common? Find the answer in the tech performance The Silicon Passion. We’ve all embraced big tech —but is it a warm hug or a strangulation? Bear witness to a debate of biblical proportions between tech nerds, technology and its users. In The Silicon Passion SETUP, in collaboration with de Transmissie (David Schwarz en Derk Stenvers) and Rodrigo Ferreira, is looking for a way out of the pit that technology has created for them.\n\nThe performers draw inspiration from one of the most important stories about penance: the crucifixion. They want to find out exactly who or what should be nailed to the cross, and what the world might look like after a resurrection.Taking the St Matthew Passion as a starting point, both for the valuable lessons as well as musical inspiration. Armed with Bachst’ St Matthew Passion and synthesizers we will look for a new way of dealing with big tech.\n\nSETUP (Utrecht) is a media lab exploring the day-to-day future of technology. Using a critical yet humorous perspective, SETUP translates complex themes into more tangible ideas for everyone. In 2021, SETUP asked several artists to offer new perspectives on penance and forgiveness for big tech, using the St Matthew Passion. A composed group consisting of multidisciplinary theater collective de Transmissie and musician Rodrigo Ferreira came to a stunning result, with live performances from Theater Kikker and Pakhuis de Zwijger in April 2021. The new performance in 2022 is the next step in this research.","original_language":"eng","persons":["SETUP","de Transmissie \u0026 Rodrigo Ferreira"],"tags":["mch2022","296","2022","MCH2022 Curated content"],"view_count":134,"promoted":false,"date":"2022-07-22T18:00:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2025-08-04T22:30:03.296+02:00","length":4353,"duration":4353,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/296-d17d3fd5-c4f9-50be-b8fc-cafc88c3c5da.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/296-d17d3fd5-c4f9-50be-b8fc-cafc88c3c5da_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/296-d17d3fd5-c4f9-50be-b8fc-cafc88c3c5da.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/296-d17d3fd5-c4f9-50be-b8fc-cafc88c3c5da.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-296-the-silicon-passion","url":"https://api.media.ccc.de/public/events/d17d3fd5-c4f9-50be-b8fc-cafc88c3c5da","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"ef74f99b-c49d-5bc3-aa00-73a9fa3936c6","title":"Bring Your Own IDentity","subtitle":null,"slug":"mch2022-154-bring-your-own-identity","link":"https://program.mch2022.org/mch2022/talk/NMNWQB/","description":"Thanks to DNSSEC and DANE, it is possible to automatically verify user@domain.name identities by checking with domain.name servers.  The real problem however, is integration with existing protocols, instead of inventing something completely new and perhaps web-only.  The purpose of our work on Realm Crossover mechanisms has been to design generic solutions that extend many different application protocols, without changing their protocol specs.\n\nFor clients, being able to control an online identity is not just a cool matter of adding their domain name at the end.  It also means that they control how long the identity exists, if it is an alias, if it can be a group account with members that they control.  (We made identity and access control libraries to support all that, along with identities that are only usable until a timeout, from a certain remote domain, under a particular communication topic, and so on.)\n\nFor servers, being able to authenticate users from any domain is an answer to many questions that otherwise stagnate:\n\n  * Why does every HTTP server want us to create an account under its domain, instead of letting us use our own?\n  * Why do we constantly need to confirm our email address by clicking links?\n  * Why not authenticate SMTP senders and subject others to the most stringent spam filtering?\n  * Why not publish a mailing list archive in IMAP, available only to subscribers and searchable with their own tooling?\n  * Why not use AMQP as an automation-friendly document push protocol with authenticated senders for form submission, bill processing, blog publications, document archiving, ...\n  * Why not share your MQTT dataflow with external parties, so they don't need to keep a web page open to be notified about, say, a newly posted document?\n  * Why not share your PGP keys and contact information in your own LDAP directory but with access control to decide who may see what?\n\nAll these questions stagnate on problems like *You would need to have accounts for all users in the World*.  So that is what we solved in this project.\n\nThis project expands the usefulness of many protocols by changing the way their implementations handle authentication; instead of local accounts, they follow a backlink to the client's domain.  We designed and built the extensions needed for the backend, and made a few first implementations.  We are hoping to show the usefulness of adopting these ideas in your own tooling.\n\nWe present a number of generic mechanisms for Realm Crossover:\n\n 1. SASL tokens can be relayed to a Diameter server under the domain.name;\n 2. Kerberos supports Realm Crossover, and a keying handshake can do this on-demand;\n 3. X.509 certificates and PGP keys can be assured with DANE-akin structures for clients or by a lookup in an LDAP server for domain.name.\n\nFor each, some form of domain-owned identity provider is run to assert identity when an external service needs it.  The level of security is a matter of the user and their domain.name; an external service should not have to force down the security level of the client's domain.\n\nThese three Realm Crossover mechanisms cover the majority of application protocols, the notable exceptions being the oldest ones, like Telnet, FTP and HTTP.  Specifically for HTTP, we have defined an authentication mechanism that adds SASL; this means that new security mechanisms can be defined in SASL, where it benefits many protocols; it also means that authentication shifts from the HTTP application to the server, where the coding environment is better suited for such responsibilities.\n\nWe end with a demo, showcasing a useful authentication flow:\n\n  * Client desktop, with FireFox and a HTTP-SASL plugin\n  * Server domain, running Apache with HTTP-SASL module under an independent domain\n  * Server identity client, using Diameter to relay SASL to the Client Domain\n  * Client Domain, running an identity provider with SASL over Diameter","original_language":"eng","persons":["Rick van Rein","Henri Manson"],"tags":["mch2022","154","2022","MCH2022 Curated content"],"view_count":232,"promoted":false,"date":"2022-07-22T20:40:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2025-09-09T16:30:04.028+02:00","length":2932,"duration":2932,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/154-ef74f99b-c49d-5bc3-aa00-73a9fa3936c6.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/154-ef74f99b-c49d-5bc3-aa00-73a9fa3936c6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/154-ef74f99b-c49d-5bc3-aa00-73a9fa3936c6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/154-ef74f99b-c49d-5bc3-aa00-73a9fa3936c6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-154-bring-your-own-identity","url":"https://api.media.ccc.de/public/events/ef74f99b-c49d-5bc3-aa00-73a9fa3936c6","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"9b493f86-830b-529a-a7e7-7135b35966bc","title":"Audio networks and their security implications","subtitle":null,"slug":"mch2022-113-audio-networks-and-their-security-implications","link":"https://program.mch2022.org/mch2022/talk/JKSE7N/","description":"We will take a cursory look at the protocols that underpin audio over IP from studios to stages and on to broadcast. Focusing on AES67 the you will gain a basic understanding of what it is, how it works and how it is inherently vulnerable to attack. At a high level this talk should be accessible and entertaining to all, although to grasp the more nuanced details a rudimentary knowledge of IP networking and audio digitisation will be helpful.\n\nDescription:\n\nIn the professional audio space the heavy and expensive XLR snakes of old have largely been replaced with audio over IP. Operationally this move to audio over IP has provided many benefits, such as being able to use the same equipment for audio as they use for video and lighting rather than special sets of gear for each aspect of a production. However with the increased use of commodity IT hardware in this operational technology (OT) environment comes an increase in attack surface from more software, easier access and less segmentation. As with many places where IT components get re-purposed for OT the administration practices and development practices of the vendors haven’t necessarily caught up with the with the best practices of there IT counterparts. There are some hard problems to solve for audio over IP such as multicast encryption and authentication but also much simpler but more cultural things like updating a working system. \n\nIt is hoped that by presenting this topic to the broader community of hackers that more talented people get interested in the hard bits, and perhaps we can even reach the folks on the operational technology side to see what measures can be taken to improve the security of existing systems.","original_language":"eng","persons":["pcwizz"],"tags":["mch2022","113","2022","MCH2022 Curated content"],"view_count":215,"promoted":false,"date":"2022-07-25T11:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-01-26T21:30:16.211+01:00","length":2503,"duration":2503,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/113-9b493f86-830b-529a-a7e7-7135b35966bc.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/113-9b493f86-830b-529a-a7e7-7135b35966bc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/113-9b493f86-830b-529a-a7e7-7135b35966bc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/113-9b493f86-830b-529a-a7e7-7135b35966bc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-113-audio-networks-and-their-security-implications","url":"https://api.media.ccc.de/public/events/9b493f86-830b-529a-a7e7-7135b35966bc","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"5017694e-f466-54a6-9d78-0c5c8fec7c59","title":"Successfully building and programming sound field control systems","subtitle":null,"slug":"mch2022-232-successfully-building-and-programming-sound-field-control-systems","link":"https://program.mch2022.org/mch2022/talk/JN39DH/","description":"We will walk through the basics of sound field control systems and what you would need to build your own Wave Field Synthesis and Beamforming enabled system. We will unveil some of the challenges we faced at HOLOPLOT and what solutions power our tech stack.\n\nMost of us are very familiar with multiple ways of manipulating or creating audio content; filters, effects, synthesizers, etc., and most certainly don’t think about where the audio content is going to be reproduced. What if I told you your creativity could go further, and you can also control how sound is being reproduced?\nIn this talk, we will learn about sound field generation and control systems, their benefits, and everything you need to build your own Wave Field Synthesis and Beamforming system. Additionally, we will unveil some of the implementation and infrastructure challenges we faced and solved at HOLOPLOT and then let you hear what a HOLOPLOT Matrix Array can actually do.","original_language":"eng","persons":["Adrian Lara Moreno"],"tags":["mch2022","232","2022","MCH2022 Curated content"],"view_count":225,"promoted":false,"date":"2022-07-25T22:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-31T01:00:05.592+02:00","length":2959,"duration":2959,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/232-5017694e-f466-54a6-9d78-0c5c8fec7c59.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/232-5017694e-f466-54a6-9d78-0c5c8fec7c59_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/232-5017694e-f466-54a6-9d78-0c5c8fec7c59.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/232-5017694e-f466-54a6-9d78-0c5c8fec7c59.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-232-successfully-building-and-programming-sound-field-control-systems","url":"https://api.media.ccc.de/public/events/5017694e-f466-54a6-9d78-0c5c8fec7c59","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"5cc1e0ec-f3d4-501a-9516-78b0f959955e","title":"Nuggets of Shannon Information Theory","subtitle":null,"slug":"mch2022-241-nuggets-of-shannon-information-theory","link":"https://program.mch2022.org/mch2022/talk/8DFDSE/","description":"In his 1948 [scientific article](https://en.wikipedia.org/wiki/A_Mathematical_Theory_of_Communication) entitled [\"A mathematical theory of communication\"](https://people.math.harvard.edu/~ctm/home/text/others/shannon/entropy/entropy.pdf), Claude E. Shannon introduced the word “bit”. The article laid down the foundations for the field of information theory which in turn opened up the way to digital information processing.\n\nIn this overview talk, I will present in an accessible way three nuggets from Shannon information theory:\n1. Shannon entropy, a mathematical quantification of uncertainty of a probability distribution.\n2. Information Compression: Shannon entropy provides a fundamental lower bound on how much information from a source can be compressed so that it can later be recovered.\n3. Error correction: when digital information is transmitted over a noisy channel, the methods of error-correction provide ways to protect this information from noise. Yet again, Shannon entropy provides the fundamental quantity of how much information can be transmitted over a noisy channel.\n\nWhile the content of this talk is of mathematical nature, I will try my best to make it accessible to anybody with (very) basic knowledge of probabilities and programming.\n\n**All material (including presentation, Jupyter notebooks etc.) for this talk are available at https://github.com/cschaffner/ITNuggets**\n\nSince 2014, I have been teaching a yearly master course about information theory at the University of Amsterdam. Together with my PhD student Yfke Dulek, we have written [lecture notes](https://github.com/cschaffner/InformationTheory/blob/master/Script/InfTheory3.pdf) on the topic  and developed some additional learning tools based on these notes.\n\nI love the mathematical beauty of Shannon’s information theory, and I believe that the three concepts above can be appreciated by a much wider audience that does not regularly read  scientific papers of the mathematical kind. While I will focus on making the fundamental theoretical aspects accessible to the audience, all of these concepts also have some interesting (and challenging) programming aspects to them that can be explored further after my talk.","original_language":"eng","persons":["Christian Schaffner"],"tags":["mch2022","241","2022","MCH2022 Curated content"],"view_count":189,"promoted":false,"date":"2022-07-25T18:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-04-02T21:00:04.567+02:00","length":2963,"duration":2963,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/241-5cc1e0ec-f3d4-501a-9516-78b0f959955e.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/241-5cc1e0ec-f3d4-501a-9516-78b0f959955e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/241-5cc1e0ec-f3d4-501a-9516-78b0f959955e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/241-5cc1e0ec-f3d4-501a-9516-78b0f959955e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-241-nuggets-of-shannon-information-theory","url":"https://api.media.ccc.de/public/events/5cc1e0ec-f3d4-501a-9516-78b0f959955e","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"25a4989b-d62e-5fee-86fe-7ffce55f82f3","title":"Automatically Suspicious - Predictive policing in the Netherlands","subtitle":null,"slug":"mch2022-233-automatically-suspicious-predictive-policing-in-the-netherlands","link":"https://program.mch2022.org/mch2022/talk/DJ8FCY/","description":"Predictive policing is hip and happening. In the last few years we have seen a number of experiments with predictive policing in The Netherlands. How does that technology work? What were the outcomes of the experiments? And what is the legal status of a suspicion generated by a computer?\n\n\"Predictive policing\" is the name of a family of technology that use historical crime data to make predictions about future crimes (cue Minority Report). Police departments all over the world are very interested in this technology because it promises better results (more crimes prevented) at lower cost. In the Netherlands we have seen a number of experiments with predictive policing, and one of these systems (CAS) is currently being rolled out throughout the country. But how do these systems work? And how _well_ do they work? And what is actually the legal status of a suspicion generated by a computer? \n\nThis talk will give discuss relevant predictive policing experiments in the Netherlands and abroad and will discuss the results of these experiments. The talk will also cover the legal status of suspicions generated by this technology in the Netherlands.","original_language":"eng","persons":["Jos Visser LLM Msc"],"tags":["mch2022","233","2022","MCH2022 Curated content"],"view_count":244,"promoted":false,"date":"2022-07-24T20:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-02-23T04:45:03.169+01:00","length":2811,"duration":2811,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/233-25a4989b-d62e-5fee-86fe-7ffce55f82f3.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/233-25a4989b-d62e-5fee-86fe-7ffce55f82f3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/233-25a4989b-d62e-5fee-86fe-7ffce55f82f3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/233-25a4989b-d62e-5fee-86fe-7ffce55f82f3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-233-automatically-suspicious-predictive-policing-in-the-netherlands","url":"https://api.media.ccc.de/public/events/25a4989b-d62e-5fee-86fe-7ffce55f82f3","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"290d79df-a8f0-52ef-ad23-b8e10e4f49b2","title":"Detecting Log4J on a global scale using collaborative security","subtitle":null,"slug":"mch2022-135-detecting-log4j-on-a-global-scale-using-collaborative-security","link":"https://program.mch2022.org/mch2022/talk/DWKYMM/","description":"Utilizing collaborative security to collect data on attacks we were able to detect Log4J in a quite unusual but effective manner. We'll show you how CrowdSec enables the entire infosec community to stand together by detecting attempts to exploit a critical 0day, reporting them centrally thereby enabling anyone to protect themselves shortly after the vulnerability was made public. The unusual part is that this is done using FOSS software and by analyzing logs of real production systems but in a way that doesn't compromise the anonymity of anyone (except the attacker, of course) and doing so with a reliable result where poisoning and false positives are almost impossible. Too good to be true? Come by and judge for yourself!\n\nThe objective with the talk is to inspire the audience to understand why the world needs to think differently towards the threats of cyberattacks from criminals and which advantages it has when you’re really utilizing the power of the crowd. \n\nBasically we’ve been doing it wrong until now by thinking that all the world’s problems can be solved by throwing money at them. Guess what: They can’t. Defending against hackers is a full time, complex task that requires a lot of complex tasks to be carried out in the same order and same way every time to be effective. That’s difficult to do so in order to make it more doable we should try working together. CrowdSec is FOSS software that does exactly this by enabling users to share information about current attacks by parsing log files and sharing basic information (anonymously) about the attack (source ip, timestamp, IoC) with the crowd. \n\nCrowdSec could be perceived as a modern form of Fail2ban, though for Cloud and container-based infrastructure as well and capable of taking way more advanced decisions a lot faster. Mainly, it’s using a decoupled and distributed approach (detect here, remedy there) and an inference engine that leverages leaky buckets, YAML \u0026 Grok patterns to identify aggressive behaviors. It acquires signals from various data sources like files, syslogd, journald, AWS Cloudwatch and Kinesis, Docker logs and Windows Event Log, normalizes them, enriches them to apply heuristics and triggers a bouncer to deal with the threat, if need be. Since it’s written in Go, it’s compatible with almost any environment, fast in execution and ressource conservative.\n\nTo make sure signals are generally trustworthy we’ve implemented a reputation engine. Not only don’t we want any false positives - we also don’t want data to be poisoned. This is taken care of by a trust-ranking system where we assign a trust to each agent that will grow over time as the agent provides reliable signals. In this process both persistence and consistency is taken into account. In this process both persistence and consistency is taken into account. When an ip is voted for, it needs a certain amount of points based on the trust rank of each agent that has reported the ip. This system makes it expensive to poison collected data. Not only does it take a long time to reach a trust rank that makes any real difference - also diversity of AS NNumbers are being taken into account as well. The outcome of this is a reliable blocklist that’s constantly redistributed to network members in order to achieve a form of digital herd immunity. An ip caught aggressing WordPress sites will quickly be banned by all members who subscribed to the WordPress defense collection.\n\nWhile CrowdSec is in charge of the detection, the reaction is performed by “bouncers” that aim to be deployable at any level of the applicative / infrastructure stack :\nvia nftables/iptables/pf based on an IP set \nvia nginx/openresty LUA scripting\nvia a Wordpress plugin\nvia a general PHP/Python/JS bouncer that works with all applications written in those languages\non Cloudflare or Fastly via our bouncer that integrates with the provider’s API\non AWS WAF via our bouncer that integrates with AWS’ API.\n.. or in many other ways. Over time the possibilities will increase as the application design basically supports anything. \n\nBouncers can enforce several types of remediations, like blocking, sending a captcha, notifying, lowering rights, speed, sending a 2FA request, etc.\n\nThis approach, combined with a declarative configuration and a stateless behavior, makes it an efficient tool to enhance the security of modern stacks (containers, k8s, serverless and more generally automatically deployed infrastructures).\n\nWe are committed to building a strong community, with all that it implies :\na public hub to find, share and amend parsers, scenarios, and blockers\npermissive open-source license (MIT) to stay business-friendly\nand overall a strong commitment to transparency and community-first mentality, by tooling and behavior\n\nIn my talk I will dig into the technical nitty-gritty part of CrowdSec, the architecture and concepts and focus specifically on how we managed to collect data from live Log4J exploitation attempts using the crowd and how efficient this strategy turned out to be. CrowdSec is still collecting data and tracking the result on https://crowdsec.net/log4j-tracker/\n\nThe bigger the CrowdSec community becomes, the better protection against cyber criminals. So I really want to inspire the audience to engage in CrowdSec either by installing and using the software, to contribute documentation or code - or all of them. For the good of everybody!\n\nCurrently CrowdSec is collecting data from more than 45.000 agents in 158 countries. Each day more than 3M signals are collected. Over the last more than a year over 2.4M malevolent ips have been detected and verified.","original_language":"eng","persons":["Klaus Agnoletti"],"tags":["mch2022","135","2022","MCH2022 Curated content"],"view_count":259,"promoted":false,"date":"2022-07-22T20:40:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2026-01-02T14:30:14.229+01:00","length":1714,"duration":1714,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/135-290d79df-a8f0-52ef-ad23-b8e10e4f49b2.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/135-290d79df-a8f0-52ef-ad23-b8e10e4f49b2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/135-290d79df-a8f0-52ef-ad23-b8e10e4f49b2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/135-290d79df-a8f0-52ef-ad23-b8e10e4f49b2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-135-detecting-log4j-on-a-global-scale-using-collaborative-security","url":"https://api.media.ccc.de/public/events/290d79df-a8f0-52ef-ad23-b8e10e4f49b2","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"83c45f72-8df6-5eba-a169-ed33a3e6eca9","title":"IRMA's Idemix core: ","subtitle":"Understanding the crypto behind selective, unlinkable attribute disclosure","slug":"mch2022-85-irma-s-idemix-core-understanding-the-crypto-behind-selective-unlinkable-attribute-disclosure","link":"https://program.mch2022.org/mch2022/talk/AFD3XT/","description":"IRMA is a system in which you are in control of sharing specific personal properties (aka attributes) such as your age, address and gender which are stored in the IRMA app on your phone. Technically, IRMA is a set of free and open source software projects implementing the Idemix attribute-based credential scheme. Although the Idemix credential system has been around for a while it is still relevant today. In this talk, we walk you through the crypto behind Idemix, explain how it works, why it is safe and give you the means to understand Gabi, the Go implementation of Idemix that is used in IRMA.\r\n\r\nPresentations on privacy products often focus on the principles of why we should want to protect our privacy and how the product does this from a birds-eye or user perspective. In case of IRMA, this focus would be on storing your attributes on your local device and on the information flow when the IRMA app is used.\r\n\r\nHowever, in this talk we want to dig deeper, demonstrate the crypto behind the curtains and give you the means to reason why IRMA is a neat solution.\r\n\r\nNote that the talk is very technical. We will cover the theory of the zero-knowledge proofs, the Camenisch-Lysyankaya signature and the Idemix credential verification, all so you can understand the Go implementation of the Gabi library. If time allows, we'll also cover IRMA-specific solutions such as the keyshare protocol and revocation.\r\n\r\nWe will cover a lot of ground very quickly but after this talk you will have an excellent starting point for truely understanding this anonymous credential system. Of course we'll provide you with follow-up material and are happy to chat some more after the talk with a beer or two.\r\n\r\nBackground knowledge that will help in understanding this talk:\r\n- General understanding of public key cryptography, especially RSA (https://www.youtube.com/watch?v=MsqqpO9R5Hc, https://www.youtube.com/watch?v=SL7J8hPKEWY)\r\n- Basic algebra, namely the laws of exponentiation\r\n- Some context on IRMA (https://irma.app/docs/overview/)","original_language":"eng","persons":["Maja Reissner","Sietse Ringers"],"tags":["mch2022","85","2022","MCH2022 Curated content"],"view_count":174,"promoted":false,"date":"2022-07-24T21:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-13T17:00:07.608+01:00","length":3032,"duration":3032,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/85-83c45f72-8df6-5eba-a169-ed33a3e6eca9.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/85-83c45f72-8df6-5eba-a169-ed33a3e6eca9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/85-83c45f72-8df6-5eba-a169-ed33a3e6eca9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/85-83c45f72-8df6-5eba-a169-ed33a3e6eca9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-85-irma-s-idemix-core-understanding-the-crypto-behind-selective-unlinkable-attribute-disclosure","url":"https://api.media.ccc.de/public/events/83c45f72-8df6-5eba-a169-ed33a3e6eca9","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"3bfb042b-b4ac-5a25-94fb-bc90e47fb528","title":"The smart home I didn't ask for","subtitle":null,"slug":"mch2022-188-the-smart-home-i-didn-t-ask-for","link":"https://program.mch2022.org/mch2022/talk/JPLREJ/","description":"What happens when your home is “smart” before you even move in? More and more buildings are pre-installing smart devices that tenants didn’t ask for and may not want. These devices focus on comfort and convenience, an excellent focus as long as security is also considered. Given the deep integration these devices have, a vulnerable system could lead to devastating consequences like the loss of privacy and even unauthorized access. As a security researcher, these were my thoughts when I saw the tablet mounted on the wall of my new apartment.\n\nIn a short period, I discovered multiple vulnerabilities in the system. A concern for sure, considering the system allows for remote access and has integration with services in my apartment and the building. This talk will cover my path, my process, and coverage of the vulnerabilities I discovered.\n\nThe smart home system is based on a wall-mounted Android tablet, and is installed in thousands of properties throughout Europe. It allows for controlling lights, heating, motorized blinds, opening a building's main entrance door among other things.\n\nThe talk will contain the following contents:\n\n* Introduction\n* Presentation of the smart home system\n* Methodology\n  * How did I evaluate its security\n* Findings\n  * Description of vulnerabilities found\n  * Impacts and countermeasures\n* Disclosure timeline\n* Interactions with vendor\n* Raise awareness\n* Conclusion","original_language":"eng","persons":["Nils Amiet"],"tags":["mch2022","188","2022","MCH2022 Curated content"],"view_count":830,"promoted":false,"date":"2022-07-23T23:20:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-04-04T12:30:06.270+02:00","length":1875,"duration":1875,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/188-3bfb042b-b4ac-5a25-94fb-bc90e47fb528.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/188-3bfb042b-b4ac-5a25-94fb-bc90e47fb528_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/188-3bfb042b-b4ac-5a25-94fb-bc90e47fb528.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/188-3bfb042b-b4ac-5a25-94fb-bc90e47fb528.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-188-the-smart-home-i-didn-t-ask-for","url":"https://api.media.ccc.de/public/events/3bfb042b-b4ac-5a25-94fb-bc90e47fb528","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"5235ff43-dd57-5939-857d-941335390a4e","title":"drand: publicly verifiable randomness explained","subtitle":null,"slug":"mch2022-150-drand-publicly-verifiable-randomness-explained","link":"https://program.mch2022.org/mch2022/talk/YWHF7Z/","description":"drand is an opensource project allowing anybody to run a “randomness beacon”. Its goal? Providing a trustable, verifiable source of public randomness that would enable full transparency in online lotteries, leader election or blockchain smart contracts.\nThis talk is about what distributed randomness is, what it means for developers, and users, and why you’d want to use it. I will also present to you the current ecosystem around drand, and what it enables you to do differently and why it is desirable in a distributed, decentralized web to have public, verifiable randomness.\n\nDon’t worry though: we will first go through an easy overview of how it works without diving too much into the gory cryptographic details. In addition, I’ll demo how drand works in practice, and explain you how you can easily use it in your applications since drand nodes can be queried by anybody.\n\nDisclaimer: this is NOT a blockchain talk, but rather a distributed system one.\n\n[drand](https://drand.love/) (pronounced \"dee-rand\") is a distributed randomness beacon daemon written in Golang.\nIt has been used by Cloudflare, EPFL, Kudelski Security, UCL and other partners to setup a distributed randomness project that was unveiled in June 2019: the [\"League of Entropy\"](https://blog.cloudflare.com/league-of-entropy). Since then even more members have joined the league.\n\nServers running drand can be linked with each other to produce collective, publicly verifiable, unbiasable, unpredictable random values at fixed intervals using bilinear pairings and threshold cryptography. Drand nodes can also serve locally-generated private randomness to clients.\n\nGenerating public randomness is the primary functionality of drand.\nPublic randomness is generated collectively by drand nodes and publicly available. The main challenge in generating good randomness is that no party involved in the randomness generation process should be able to predict or bias the final output. Additionally, the final result has to be third-party verifiable to make it actually useful for applications like lotteries, sharding, or even \"nothing up my sleeves\" parameter generation for security protocols.\n\ndrand relies on the following cryptographic constructions:\n  - Pairing-based cryptography and Barreto-Naehrig curves.\n  - Pedersen's distributed key generation protocol for the setup.\n  - Threshold BLS signatures for the generation of public randomness.\n  - ECIES for the encryption of private randomness.\n\nThese are well known, while still relatively cutting edge cryptographic schemes.\n\nWhy do we need such randomness?\nA lot of reasons actually:\n - Lotteries, jury selection, election event, random sampling for audits, ...\n - Protocols \u0026 cryptography:\n\t- Verifiable gossip: randomly choosing peers in a verifiable way in a network to disseminate information\n\t- Parameters: Nonces \u0026 IV for symmetric encryptions, composite or prime numbers for selecting a field for RSA, or even ECC\n\t- Schemes: Diffie Hellman exchange, Schnorr signatures, more generally for zero knowledge proofs,\n\t- Protocols: Tor (e.g. path selection), sharding (Omniledger), leader election for consensus\n - Statistics:  verifiable random sampling, reducing bias e.g. in controlled trials in medicine, etc.\n\nNow, drand is a software ran by a set of independent nodes that collectively produce randomness and whose long term goal is to implement Randomness-as-a-Service:\n - Fetching randomness should be as simple as fetching time from NTP servers.\n - Nodes can serve both private randomness and public randomness:\n\t- Unpredictable and bias-resistant\n\t- Publicly Verifiable\n - Decentralized service using threshold cryptography, with high availablity, reliability and trust.\n\nThis talk will NOT be about just the cryptography behind drand, but I will cover some of the basics in a simple way in order to tease the people that could be interested, while introducing cool cryptographic constructions to the rest. It will NOT be about how drand is built, but it will really be about the **practical use-cases for drand**, how to use it, its kind of randomness, what it means and why you might want to use it.","original_language":"eng","persons":["Yolan Romailler"],"tags":["mch2022","150","2022","MCH2022 Curated content"],"view_count":136,"promoted":false,"date":"2022-07-25T12:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-06T01:00:06.406+01:00","length":2339,"duration":2339,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/150-5235ff43-dd57-5939-857d-941335390a4e.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/150-5235ff43-dd57-5939-857d-941335390a4e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/150-5235ff43-dd57-5939-857d-941335390a4e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/150-5235ff43-dd57-5939-857d-941335390a4e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-150-drand-publicly-verifiable-randomness-explained","url":"https://api.media.ccc.de/public/events/5235ff43-dd57-5939-857d-941335390a4e","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"ba4a6ee5-a0c7-59ee-9493-6574c6017763","title":"Hacking with Microbes","subtitle":null,"slug":"mch2022-155-hacking-with-microbes","link":"https://program.mch2022.org/mch2022/talk/D3QKXL/","description":"Microbes are everywhere.  They are part of nature, both around us and inside of us.  When you provide their desired niche, you can make them do something for you, in a mutually beneficial arrangement.  This talk will take you into their realm, and show a few practical examples and hacking opportunities.\n\nOur climate is on fire, but we are still reaching for an Ultimate Solution.  We don't move until we get a drop-in replacement to sustain current habits, at no extra cost.  Our cognitive dissonance makes us trust politicians to deliver on promises, and energy vendors to withstand lucrative green washing.  But it is both interesting and profitable to be part of the solution, and not of the problem.\n\nI have a long-standing fascination with microbial processes.  They are adaptive and resilient while they modestly take on chores that pull things back to nature's standards.  I think many problems that we are facing now can be solved locally and efficiently with clever combinations of technology and microbiology.  Not always complete solutions and not everything is simple, but they certainly add to resilience and taking ownership of problem *and* solution.\n\nIn a perfect situation, energy is harvested when\u0026where it is abundant and moved to when\u0026where it is needed.  This talk demonstrates ways of doing at least some of that with the help of microbial systems.  We will demonstrate overlap and connections, and conditions under which they may be hacked:\n\nOutline:\n\n  * Beer.  Vinegar.  Innoculation.  Permaculture.\n  * Gut.  Fiber or Fat.  SCFA.  Immune system.  Epigenetics.\n  * Biogas.  Acetate.  Sulphur and ammonia.  Garbage in, garbage out.\n  * Microbial fuel cell.  Clay and carbon.  Training.\n  * Pee.  Urea.  Energy calculations for a Raspberry Pee.\n  * Poo.  Phosphate.  Energy calculations for iPoo mobility.\n  * Compost.  Worms.  Energy calculations for heat generation.\n  * Climate change \u0026 zoonose.  Cramming sick animals.  Antibiotics.  Government ignorance.\n\nSummary:\n\n  * Making beer uses yeast to turn sugar to alcohol.  Yeast can flexibly adapt from/to glucose via DNA switching to generate different enzymes.  Let fruit flies in, and they bring along Acetobacter that reduce alcohol to vinegar.  Wild fermentation is more natural, and yields a lambic beer.  Save work by going for stable, naturally mixed processes.\n  * Our gut processes whatever we can't.  Two rough kinds of colonies co-exist.  One consumes cholesterol/bile and the other plants/fiber.  They tune our body via SCFA, the immune system and epigenetics.  You can hack by changing your food (and after a few weeks, the microbes are thought to hack you by asking for more; so much for free will?!?)\n  * Biogas works like a gut.  It forms/consumes acetate CH₃COOH to produce CO₂ and methane CH₄ with byproducts hydrogen H₂, hydrosulphide H₂S and ammonia NH₃.  Local cycles can process known sludge and produce usable liquid output, but large-scale anonymity destroys that.  Some influences are possible, but the process is basically difficult, smelly and a bit dangerous.\n  * Microbes can live in a fuel cell, which then accepts electrons and passes H+ through a membrane.  Urine can be broken down with just clay and carbon -- and a culture.  What are researchers doing?  A variant to produce hydrogen H₂.  And the potential of driving microbes by passing in a current.\n  * Pee contains urea (NH₂)CO(NH₂), a hydrogen carrier.  Urea is stable when dried, but otherwise reduces to ammonia NH₃.  Soil microbes normally turn ammonia into atmospheric N₂ and water.  But we can also use urea in a fuel cell to extract electricity or hydrogen.\n  * Poo contains many microbes, some of which are pathogenic.  But it is also our disposal channel for phosphorous (which we mine to grow food) and nitrogen.  Troubled hygiene, but can this be safe?  Is it a good idea?\n  * Compost is incredibly straightforward and safe.  The nutrient cycle is so short that nature could have invented it... oh wait, it did.  Spring brings a gradual start, Summer collects energy, Autumn sheds it off and Winter benefits from the captured energy.  Because composting generates heat, and has been used for heating homes, or parts of homes.  Though mostly self-controlled, there are broad requirements for heat retention, moisture, oxygenation and C:N ratio.  Working with these, you can have some degree of control over this process.\n  * Microbes mutate if we force them into another environment.  Like a sick animal.  Or 3000 of them.  Antibiotics form a bonus challenge.  Many animal farmers carry resistent microbes.  Zoonoses are on the rise due to climate change, and they are the common source of infectious diseases.  Government practices [best effort management](https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/wob-verzoeken/2020/10/28/besluit-wob-verzoek-prognoses-ziektekiemen-uit-dierhouderijen/Besluit+Wob-verzoek+prognoses+ziektekiemen+uit+dierhouderijen.pdf) by chasing for *known* diseases; they are generally clueless about possible future zoonoses and any involved risk to humans.\n\n[Session image source](https://commons.wikimedia.org/wiki/File:Cyanobacteria_guerrero_negro.jpg)","original_language":"eng","persons":["Rick van Rein"],"tags":["mch2022","155","2022","MCH2022 Curated content"],"view_count":153,"promoted":false,"date":"2022-07-24T20:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-01-24T22:00:15.710+01:00","length":3165,"duration":3165,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/155-ba4a6ee5-a0c7-59ee-9493-6574c6017763.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/155-ba4a6ee5-a0c7-59ee-9493-6574c6017763_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/155-ba4a6ee5-a0c7-59ee-9493-6574c6017763.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/155-ba4a6ee5-a0c7-59ee-9493-6574c6017763.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-155-hacking-with-microbes","url":"https://api.media.ccc.de/public/events/ba4a6ee5-a0c7-59ee-9493-6574c6017763","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"16c0f0a1-e6cd-50f4-99f4-ea7b17e20ecb","title":"Programming microcontrollers in Go using TinyGo","subtitle":null,"slug":"mch2022-82-programming-microcontrollers-in-go-using-tinygo","link":"https://program.mch2022.org/mch2022/talk/MNE98G/","description":"Go is often thought of as a server programming language, especially one used for microservices. However, I argue that it can also be a good language for much smaller systems: microcontrollers. Especially with the Internet of Things there is a need for a language that is safer, easier to use (harder to misuse) and easier to build and test.\n\nFor many years, C has been the dominant language in the embedded world and especially microcontrollers. Almost all embedded systems are written in C. The last few years this has been changing, with new languages being used for this purpose:\n\n  * [Rust](https://www.rust-lang.org/what/embedded) has seen rapid growth in embedded systems with its focus on safety and expressiveness. It is in fact a great replacement for C, as it is just as low level and efficient as C but without all the footguns. However, many people find this language hard to learn.\n  * Another language that's sometimes used is Python, in the form of [MicroPython](https://micropython.org/). This is in fact what powers the SHA2017 and MCH2022 badges. While the project is an amazing accomplishment, it still suffers from the fact that the language is interpreted and there are limits to how fast it can be.\n  * Some people have also used other languages, such as [Lua](https://nodemcu.readthedocs.io/en/release/), [JavaScript](https://www.espruino.com/), [Oberon](https://www.astrobe.com/), [Forth](https://hackaday.com/2017/01/27/forth-the-hackers-language/), [Ada](https://blog.adacore.com/ada-on-the-microbit), and probably others. I'm not aware of a language that got much further than experimental or very specific uses.\n  * Then there is [TinyGo](https://tinygo.org/), which is a new compiler for the Go language and primarily targets baremetal embedded systems and WebAssembly. This is what I will talk about.\n\nTinyGo is a new compiler for the Go programming language. Its goal is to implement the Go language specification, be able to compile most of the Go standard library, but still optimize well enough so that binaries can run on a range of large and small embedded systems. It optimizes much more aggressively than the main Go implementation and the resulting binaries are able to run on systems ranging from the Arduino Uno, to the BBC micro:bit, to the MCH2022 badge with an ESP32 chip. I believe TinyGo offers most of the ease-of-use benefits of interpreted languages while providing most of the performance benefits of languages such as C.\n\nIn this talk, I will cover what kinds of problems C can cause, why Go can be a great fit on embedded systems, an explanation of some optimizations that it does that help lower its code size and RAM consumption, and some examples of projects written using TinyGo. Oh, and of course some demos.","original_language":"eng","persons":["Ayke van Laethem"],"tags":["mch2022","82","2022","MCH2022 Curated content"],"view_count":322,"promoted":false,"date":"2022-07-24T10:40:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-30T08:00:03.804+02:00","length":1817,"duration":1817,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/82-16c0f0a1-e6cd-50f4-99f4-ea7b17e20ecb.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/82-16c0f0a1-e6cd-50f4-99f4-ea7b17e20ecb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/82-16c0f0a1-e6cd-50f4-99f4-ea7b17e20ecb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/82-16c0f0a1-e6cd-50f4-99f4-ea7b17e20ecb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-82-programming-microcontrollers-in-go-using-tinygo","url":"https://api.media.ccc.de/public/events/16c0f0a1-e6cd-50f4-99f4-ea7b17e20ecb","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"cf4dc17c-aab4-5868-9b57-100a55a1c2fb","title":"⚠️ May Contain Hackers 2022 Closing","subtitle":null,"slug":"mch2022-110--may-contain-hackers-2022-closing","link":"https://program.mch2022.org/mch2022/talk/DZAUQA/","description":"It's over before you know it... this talk looks back at the event, explains how the tear-down works, highlights next years camps and gives a tanks to all the organizers on stage.\n\nWhat more can i say? Except that i need to enter at least 250 characters. I'll just blabber on and fill up th\n\n🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈","original_language":"eng","persons":["Elger \"Stitch\" Jonker"],"tags":["mch2022","110","2022","MCH2022 Curated content"],"view_count":416,"promoted":false,"date":"2022-07-26T16:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-11-02T00:15:03.862+01:00","length":1066,"duration":1066,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/110-cf4dc17c-aab4-5868-9b57-100a55a1c2fb.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/110-cf4dc17c-aab4-5868-9b57-100a55a1c2fb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/110-cf4dc17c-aab4-5868-9b57-100a55a1c2fb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/110-cf4dc17c-aab4-5868-9b57-100a55a1c2fb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-110--may-contain-hackers-2022-closing","url":"https://api.media.ccc.de/public/events/cf4dc17c-aab4-5868-9b57-100a55a1c2fb","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"eacde282-62a6-5374-bc7f-8b39036ccc78","title":"Scanning and reporting vulnerabilities for the whole IPv4 space. ","subtitle":"How the Dutch Institute for Vulnerability Disclosure scales up Coordinated Vulnerability Disclosure","slug":"mch2022-55-scanning-and-reporting-vulnerabilities-for-the-whole-ipv4-space-how-the-dutch-institute-for-vulnerability-disclosure-scales-up-coordinated-vulnerability-disclosure","link":"https://program.mch2022.org/mch2022/talk/9LMTLA/","description":"The Dutch Institute for Vulnerability Disclosure scans the internet for vulnerabilities and reports these to the people who can fix them. Our researchers will go into some of our recent cases, our board members will describe how we professionalise vulnerability disclosure and why we are allowed to somewhat break laws on computer crime and privacy.\r\n\r\nThe Dutch Institute for Vulnerability Disclosure scans the internet from our own AS (50.559) for vulnerabilities and reports these to the people who can fix them. In this session our board members will describe how we professionalise vulnerability disclosure with an independent foundation, a Code of Conduct, a common identity, a collaboration platform for independent researchers and a CSIRT to report vulnerabilities to owners of vulnerable systems. \r\nOur researchers will go into some of our more known cases, ranging from Citrix 2020, to KaseyaVSA and Log4j in 2021 and others which commenced between filing this proposal and the conference. They will demonstrate how to scan, validate data, report to users and how they responded. \r\nBy doing this, we kind of break several laws on computer crime and privacy protection. Still, we are allowed to as we serve to make the internet more secure. Moreover, we also guide young security researchers to the responsible path of vulnerability disclosure. And we do it Dutch style: open, direct and for free.\r\nChris and Astrid will go into the way we work, Frank and Lennaert will do the cases.","original_language":"eng","persons":["Chris van 't Hof","Astrid Oosenbrug","Frank Breedijk","Lennaert Oudshoorn"],"tags":["mch2022","55","2022","MCH2022 Curated content"],"view_count":156,"promoted":false,"date":"2022-07-25T19:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-07-14T21:45:05.518+02:00","length":2940,"duration":2940,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/55-eacde282-62a6-5374-bc7f-8b39036ccc78.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/55-eacde282-62a6-5374-bc7f-8b39036ccc78_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/55-eacde282-62a6-5374-bc7f-8b39036ccc78.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/55-eacde282-62a6-5374-bc7f-8b39036ccc78.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-55-scanning-and-reporting-vulnerabilities-for-the-whole-ipv4-space-how-the-dutch-institute-for-vulnerability-disclosure-scales-up-coordinated-vulnerability-disclosure","url":"https://api.media.ccc.de/public/events/eacde282-62a6-5374-bc7f-8b39036ccc78","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"445e7a55-899c-518f-9671-a31460f8769b","title":"Decoding the Anker 3800 lock","subtitle":null,"slug":"mch2022-57-decoding-the-anker-3800-lock","link":"https://program.mch2022.org/mch2022/talk/XVBPNB/","description":"The Anker 3800 is a mechanical lock that has both traditional pins as well as magnetic sliders. Can it be opened without the key? This talk discusses how the lock works in a master keyed system and how it can possibly be defeated. It will cover decoding, picking and key duplication.\n\nThe Anker 3800 is a mechanical lock that has both traditional pins as well as magnetic sliders. It was designed by Japanese company MIWA and is sold in the Netherlands under the Anker brand. It is a high security lock that is often used in large master keyed systems.\n\nI wondered: can it be opened without the key? I will present my adventures with the lock, having opened it up to see how it works, and several things I have tried to copy the key, pick the lock, decode the lock and find out what the master key looks like. The talk will include successes and failures and I will discuss designing 3D models, C\u0026C work, electronics, Arduino programming, PCB design, and more.\n\nThe talk is aimed at people with an interest in lockpicking. No prior knowledge is necessary.","original_language":"eng","persons":["gigawalt"],"tags":["mch2022","57","2022","MCH2022 Curated content"],"view_count":274,"promoted":false,"date":"2022-07-23T21:40:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-12-26T12:45:06.856+01:00","length":3000,"duration":3000,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/57-445e7a55-899c-518f-9671-a31460f8769b.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/57-445e7a55-899c-518f-9671-a31460f8769b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/57-445e7a55-899c-518f-9671-a31460f8769b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/57-445e7a55-899c-518f-9671-a31460f8769b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-57-decoding-the-anker-3800-lock","url":"https://api.media.ccc.de/public/events/445e7a55-899c-518f-9671-a31460f8769b","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"2ea6c96c-4547-5c9a-9652-b696bae4911d","title":"The Best Worst Thing","subtitle":null,"slug":"mch2022-133-the-best-worst-thing","link":"https://program.mch2022.org/mch2022/talk/R9LCYW/","description":"This is a submission for a keynote talk at MCH2022. The Internet is both a familiar, comfortable place as well as a bottomless rabbit hole you can lose yourself in. The Internet has always been like this from its inception, the difference now is the scale and consequences are almost immeasurable - and it tests the limits of human imagination. When you look into the mirror of the Internet what you see reflected back depends on what you are looking for. It has become largely a reflection of yourself.\n\nSome inventions are so good that they change the world. When a new innovation is useful enough, we no longer want to live without it – and once a technology is practical enough, it soon becomes compulsory.\n\nElectrical networks are a good example of this. While it is hard to imagine modern life without electricity, electrical networks are a fairly recent invention. Nowadays, a power outage brings everything to a halt. If an outage is extensive, not only homes will be affected – shops and factories also close. Once these networks are down, society will be offline. Modern society could only last for a few days in a complete power outage. \n\nIf the Internet were to fail, the impacts would be much less dramatic. Society would not stop during a network outage. Factories would continue to operate. Information would flow via TV antennas and FM radio. Of course, work would be much more difficult without network connections. Most monetary transactions would also cease. In a nutshell, internet outages are expensive, but they don't kill people. \n\nI predict that, before long, the information network and electrical network will be equally important to our society. Before long, much like a power outage, a network outage will bring life to a halt. In fact, before long, a network outage will also mean a power outage.\n\nElectrical networks have been highly beneficial, but we have become highly dependent on them. The same is now happening in relation to information networks. The electrical network needs the information network to work, and vice versa. Technological development is changing our society in a fundamental way. This dependency is happening on our watch.","original_language":"eng","persons":["Mikko Hypponen"],"tags":["mch2022","133","2022","MCH2022 Curated content"],"view_count":1052,"promoted":false,"date":"2022-07-22T20:00:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2026-01-20T11:15:10.316+01:00","length":1755,"duration":1755,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/133-2ea6c96c-4547-5c9a-9652-b696bae4911d.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/133-2ea6c96c-4547-5c9a-9652-b696bae4911d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/133-2ea6c96c-4547-5c9a-9652-b696bae4911d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/133-2ea6c96c-4547-5c9a-9652-b696bae4911d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-133-the-best-worst-thing","url":"https://api.media.ccc.de/public/events/2ea6c96c-4547-5c9a-9652-b696bae4911d","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"ce1108da-edbc-5eda-8640-885db6ea5315","title":"The art of online discobingo","subtitle":null,"slug":"mch2022-118-the-art-of-online-discobingo","link":"https://program.mch2022.org/mch2022/talk/PQXR8Y/","description":"This presentation will includes insights in starting your own online pirate radiostation, the mathematics of bingo cards, keeping participants data up to GDPR standards, Fitbit-statistics, and the optimization of bingo winner-calculations. This presentation will also at one point include a guy in an ice cream cone costume with an offensive name, as well as an optional disco bingo party with songs supplied by visitors to the conference.\n\nAs the first Covid lockdown made it impossible to continue hosting live events in pubs, many presenters and questioneers quickly adapted to hosting online quizzes. Slightly depressed by the notion that online quizzes would involve a great amount of cheating and the thought that participants would see it as an “okay substitute for the offline version”, I choose to develop an online event that would be impossible to cheat and would give people a unique experience, whilst still being a game that can also be played in pubs.\n\nWhen this presentation is held, there will have been at least 200 installments of DJ Cone Yo’s online Discobingo, with over 5.000 participants on all 6 continents, all from a laptop on a nightstand next to my bed. It proved to be an event accessible to both Children as well as high-level employees of companies such as Deloitte, PWC, Gemeente Amsterdam, and then some.\n\nPlease note that this will not be a presentation on any personal accomplishment with this event. Because let’s be honest: it’s a guy doing digital conga shuffles in front of the webcam. However, during the development of this activity I learned how to build up an https online radio server with Icecast2, created calculation models in excel to manufacture unique cards, optimized this data to supply me predictive data to rapidly check results, and created a way to supply participants with all information, including unique cards, whilst living up to GDPR-standards. With this presentation I’d like to provide some inspiration regarding how to develop each of these things without any knowledge of programming and using some of the most basic pieces of software. Also: share the joy of bingo math.\n\nThere is an option to also do a shared evening activity. People can supply songs for an evening discobingo which can be played in multiple locations at the same time. So if there are any restrictions still set, the radio stream can be played in tents or in smaller groups, and everyone that wishes to join can receive a unique card and play along. In the spirit of the event, people can even submit their own prizes to the bingo as to share them with others at the festival.\n\nAnd on a personal note:\nAfter visiting SHA2017 back when I was working as a campaign strategist for Bits of Freedom (where I got to design campaigns such as the Rijksveiligheidsdienst) I have thought about how amazing it would be to do a presentation at one of these events. Back then, me and a few colleagues specifically enjoyed a presentation on “how to start an escape room”. Doing something along these lines and sharing insights gained from developing entertainment is something I am good at.","original_language":"eng","persons":["Tijmen Swaalf"],"tags":["mch2022","118","2022","MCH2022 Curated content"],"view_count":88,"promoted":false,"date":"2022-07-23T11:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-06-22T15:30:03.893+02:00","length":2673,"duration":2673,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/118-ce1108da-edbc-5eda-8640-885db6ea5315.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/118-ce1108da-edbc-5eda-8640-885db6ea5315_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/118-ce1108da-edbc-5eda-8640-885db6ea5315.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/118-ce1108da-edbc-5eda-8640-885db6ea5315.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-118-the-art-of-online-discobingo","url":"https://api.media.ccc.de/public/events/ce1108da-edbc-5eda-8640-885db6ea5315","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"35e51ad0-d0ed-5c46-a337-5af8b4c7c72f","title":"Reproducible Builds for Trustworthy Binaries","subtitle":null,"slug":"mch2022-38-reproducible-builds-for-trustworthy-binaries","link":"https://program.mch2022.org/mch2022/talk/E33B8K/","description":"Reproducible Builds is a technique that can be used to secure the software delivery pipeline.\n\nFor open source software, they even allow independently auditing published binaries, removing a single point of trust from the distribution process. This can be used by individual projects or even complete Linux distributions.\n\nThe software delivery pipeline is an increasingly popular attack vector: even when your project source code is known-good (audited), an attacker can inject malware by gaining access to the machine used to build (and sign) the binaries.\n\nReproducible Builds provides a mechanism to counter such attacks: by building the same source code on independently-administered machines and comparing their outcome.\n\nSeveral Linux distributions (Debian, Arch, openSUSE, NixOS, OpenWrt, ...) are working towards using Reproducible Builds to make their binary packages independently verifiable, but also individual projects use it to verify their deliverables. This talk will give an overview of progress, results and next steps.","original_language":"eng","persons":["raboof"],"tags":["mch2022","38","2022","MCH2022 Curated content"],"view_count":128,"promoted":false,"date":"2022-07-25T23:20:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-11-26T00:30:04.544+01:00","length":1864,"duration":1864,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/38-35e51ad0-d0ed-5c46-a337-5af8b4c7c72f.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/38-35e51ad0-d0ed-5c46-a337-5af8b4c7c72f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/38-35e51ad0-d0ed-5c46-a337-5af8b4c7c72f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/38-35e51ad0-d0ed-5c46-a337-5af8b4c7c72f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-38-reproducible-builds-for-trustworthy-binaries","url":"https://api.media.ccc.de/public/events/35e51ad0-d0ed-5c46-a337-5af8b4c7c72f","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"8cd4d05d-87d2-5148-b2d4-f0a27cbc9e0c","title":"Attribution is bullshit - change my mind...","subtitle":null,"slug":"mch2022-51-attribution-is-bullshit-change-my-mind-","link":"https://program.mch2022.org/mch2022/talk/ATVVN8/","description":"Borne out of a semi-flippant Twitter comment, this talk will take you on a journey across the benefits, pitfalls, and outright BS of attribution.\n\nExpect passionate opinions, trenchfoot inducing war stories, head+desk frustration, and a strong meme game.\n\nWith this session, which is aimed at security practitioners, researchers, students, and anyone with an interest in cybersecurity, we hope to:\n• Highlight the value of decent threat intelligence\n• Establish why attribution can be valuable, but how it can be a distraction, or worse\n• Inform people who are interested in attribution and threat intelligence as areas of study how they can pursue it\n\nBorne out of a semi-flippant Twitter comment, this talk will take you on a journey across the benefits, pitfalls, and outright BS of attribution.\n\nExpect passionate opinions, trenchfoot inducing war stories, head+desk frustration, and a strong meme game.\n\nWith this session, which is aimed at security practitioners, researchers, students, and anyone with an interest in cybersecurity, we hope to:\n• Highlight the value of decent threat intelligence\n• Establish why attribution can be valuable, but how it can be a distraction, or worse\n• Inform people who are interested in attribution and threat intelligence as areas of study how they can pursue it","original_language":"eng","persons":["Samantha Humphries"],"tags":["mch2022","51","2022","MCH2022 Curated content"],"view_count":218,"promoted":false,"date":"2022-07-23T21:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-12-23T14:30:06.815+01:00","length":1506,"duration":1506,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/51-8cd4d05d-87d2-5148-b2d4-f0a27cbc9e0c.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/51-8cd4d05d-87d2-5148-b2d4-f0a27cbc9e0c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/51-8cd4d05d-87d2-5148-b2d4-f0a27cbc9e0c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/51-8cd4d05d-87d2-5148-b2d4-f0a27cbc9e0c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-51-attribution-is-bullshit-change-my-mind-","url":"https://api.media.ccc.de/public/events/8cd4d05d-87d2-5148-b2d4-f0a27cbc9e0c","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"6eb6760c-77e0-55e7-a932-91b6a7c27613","title":"Hacking the Quincy Drawing Robot","subtitle":"(and possible win one!)","slug":"mch2022-42-hacking-the-quincy-drawing-robot-and-possible-win-one-","link":"https://program.mch2022.org/mch2022/talk/787GY3/","description":"This session will go over my journey to hack the Quincy drawing robot. This is a cheap 3-axis drawing robot, that uses a proprietary \"closed\" system. I wanted to hack this robot to draw Pokémon's for my son. I will explain how I deciphered the file formats, figured out how the robot could be controlled (which needed some very very difficult math!) and the software I made to create your own drawings.\r\n\r\nBONUS: At the end of the session you can WIN one of these Quincy Robots!!!\r\n\r\nThis session will explain step by step the process I took to decode the proprietary file formats, using some simple python coding. This will give you an insight in general how you can try to decode file formats that are not documented. \r\n\r\nBesides understanding the files, the math behind controlling this robot turned out to be very complicated. I will explain the difficulty and if you are a Math Nerd you can see if you could solve this difficult challenge.  \r\n\r\nFinally I will show the software I made to create your own drawing files.","original_language":"eng","persons":["The Anykey"],"tags":["mch2022","42","2022","MCH2022 Curated content"],"view_count":326,"promoted":false,"date":"2022-07-23T18:40:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-04-01T23:00:07.716+02:00","length":1491,"duration":1491,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/42-6eb6760c-77e0-55e7-a932-91b6a7c27613.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/42-6eb6760c-77e0-55e7-a932-91b6a7c27613_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/42-6eb6760c-77e0-55e7-a932-91b6a7c27613.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/42-6eb6760c-77e0-55e7-a932-91b6a7c27613.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-42-hacking-the-quincy-drawing-robot-and-possible-win-one-","url":"https://api.media.ccc.de/public/events/6eb6760c-77e0-55e7-a932-91b6a7c27613","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"e6690a1a-95a9-58cb-b016-91e6b58dc79a","title":"Running a mainframe on your laptop for fun and profit","subtitle":null,"slug":"mch2022-126-running-a-mainframe-on-your-laptop-for-fun-and-profit","link":"https://program.mch2022.org/mch2022/talk/PBHJCP/","description":"Yes, this talk is about running your own mainframe on your own hardware. Mainframes are old, yes, but they are still very much alive. New hardware is still being developed and there are a lot of fresh jobs in this area too. A lot of mainframes run COBOL workloads. COBOL is far from a dead language. It processes an estimated 85% of all business transactions, and 5 billion lines of new COBOL code are written every year. In this session the speaker will help you in take your first steps towards running your own mainframe. If you like then after this session you can continue to build your knowledge of mainframe systems using the links provided during the talk. Come on in and learn the basics of a completely different computer system! And it will take you less than an hour to do that!\n\nYes, this talk is about running your own mainframe on your own hardware. Mainframes are old, yes, but they are still very much alive. New hardware is still being developed and there are a lot of fresh jobs in this area too. A lot of mainframes run COBOL workloads. COBOL is far from a dead language. It processes an estimated 85% of all business transactions, and 5 billion lines of new COBOL code are written every year. In this session the speaker will help you in take your first steps towards running your own mainframe. If you like then after this session you can continue to build your knowledge of mainframe systems using the links provided during the talk. Come on in and learn the basics of a completely different computer system! And it will take you less than an hour to do that!","original_language":"eng","persons":["Jeroen Baten"],"tags":["mch2022","126","2022","MCH2022 Curated content"],"view_count":411,"promoted":false,"date":"2022-07-24T10:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-13T05:30:04.128+01:00","length":2652,"duration":2652,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/126-e6690a1a-95a9-58cb-b016-91e6b58dc79a.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/126-e6690a1a-95a9-58cb-b016-91e6b58dc79a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/126-e6690a1a-95a9-58cb-b016-91e6b58dc79a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/126-e6690a1a-95a9-58cb-b016-91e6b58dc79a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-126-running-a-mainframe-on-your-laptop-for-fun-and-profit","url":"https://api.media.ccc.de/public/events/e6690a1a-95a9-58cb-b016-91e6b58dc79a","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"bcb70852-acef-5197-8b73-7e0c1728bec2","title":"Screaming into the void: All e-signatures in the world are broken!","subtitle":null,"slug":"mch2022-214-screaming-into-the-void-all-e-signatures-in-the-world-are-broken-","link":"https://program.mch2022.org/mch2022/talk/TW9ECH/","description":"E-signatures in your country are insecure.\nThey have been hacked 10 years ago.\nEveryone knew that but no one wanted to talk about it since there is no easy fix.\n\nWe decided to create a PoC and poke the government with it.\n\nThis is a story on what happened.\n\n⭐ PoCs included ⭐\n\nElectronically signed documents were a great relief to organizing our daily life during the pandemic. They have actually been helping us for many years (depending on the country).\n\nIt's been known for some time that **dynamic content + e-signatures = trouble**, but we were surprised that no one has really done anything about it.\nIn 2021 we got tired of explaining the vulnerability each partner that sends in a vulnerable asice for signing, so we created multiple practical PoC that allow you to modify content of e-signed documents post-signing.\n\nSome of these PoC work against many countries. And there is PoC for every single country.\n\n- What is the actual impact?\n- Why is no-one fixing this?\n- Can we even fix it?\n- What are we gonna do about it then?","original_language":"eng","persons":["Kirils Solovjovs"],"tags":["mch2022","214","2022","MCH2022 Curated content"],"view_count":692,"promoted":false,"date":"2022-07-23T10:20:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-08-11T23:00:06.081+02:00","length":1703,"duration":1703,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/214-bcb70852-acef-5197-8b73-7e0c1728bec2.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/214-bcb70852-acef-5197-8b73-7e0c1728bec2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/214-bcb70852-acef-5197-8b73-7e0c1728bec2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/214-bcb70852-acef-5197-8b73-7e0c1728bec2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-214-screaming-into-the-void-all-e-signatures-in-the-world-are-broken-","url":"https://api.media.ccc.de/public/events/bcb70852-acef-5197-8b73-7e0c1728bec2","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"cf7cb058-dea0-50dd-a07c-8c68518d85dc","title":"Reverse engineering the Albert Heijn app for fun and profit","subtitle":null,"slug":"mch2022-248-reverse-engineering-the-albert-heijn-app-for-fun-and-profit","link":"https://program.mch2022.org/mch2022/talk/F88JGH/","description":"The Albert Heijn, everyone (in the Netherlands at least) knows it. It's the largest supermarket chains here. They have a very extensive API. This API is not public unfortunately, but in this talk I will show you how you can reverse engineer the app to figure out how the API works and how we can use it to our advantage.\n\nThe Albert Heijn, everyone (in the Netherlands at least) knows it. It's one of the largest supermarket chains with a very extensive API. This API is not public unfortunately, but in this talk I will show you how you can reverse engineer the app to figure out how the API works and how we can use it to our advantage.\n\nAirMiles, tracking stamps for the current saving program, receipts, personal discounts. All these can be viewed or tracked within the Albert Heijn app. But, what if you want to track your savings over time? I want my pretty Grafana dashboard gosh darn it! \n\nThis talk will go into the story behind randombonuskaart.nl (a website for a 'random' bonuskaart right when you need it), talk about how your private API is not really private and how we can use the Albert Heijn API to track various data and do tedious actions for us.\n\nThe knowledge gained from this talk can also be used with other apps, but the Albert Heijn app proves for a very good example.","original_language":"eng","persons":["Nick Bouwhuis"],"tags":["mch2022","248","2022","MCH2022 Curated content"],"view_count":2056,"promoted":false,"date":"2022-07-23T18:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-04T21:15:05.918+01:00","length":1750,"duration":1750,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/248-cf7cb058-dea0-50dd-a07c-8c68518d85dc.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/248-cf7cb058-dea0-50dd-a07c-8c68518d85dc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/248-cf7cb058-dea0-50dd-a07c-8c68518d85dc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/248-cf7cb058-dea0-50dd-a07c-8c68518d85dc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-248-reverse-engineering-the-albert-heijn-app-for-fun-and-profit","url":"https://api.media.ccc.de/public/events/cf7cb058-dea0-50dd-a07c-8c68518d85dc","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"ae5637eb-39b8-5e73-82d7-00b130ac2e0f","title":"Censoring the internet \u0026 how to bypass it","subtitle":null,"slug":"mch2022-111-censoring-the-internet-how-to-bypass-it","link":"https://program.mch2022.org/mch2022/talk/VYSFLR/","description":"In recent times, internet censorship has increased throughout the world. With governments realising the potential of the internet in spreading information as well as misinformation. \nTo curb or rather control this, governments around the globe have taken to censoring parts of the internet by directing major ISPs to block access to those websites.\nThe ISPs around the globe have used different methods to block the access. Some resulting in DNS filtering to others doing SNI ( Server Name Information ) inspection.\nThere have been ways to bypass these restrictions, like DoH ( DNS over HTTPS ) and eSNI ( encrypted SNI ), now ECH ( Encrypted Client Hello ), supported by TLS 1.3.\nTo counter these, some authoritarian regimes ( like China ) have blocked eSNI traffic altogether, to be able to sniff the traffic and block the websites accordingly on their ‘Great Firewall’.\nI will be talking about how these different mechanisms of blocking user traffic works, by doing a live demo of packet analysis using wireshark.\nLater on in the talk, I will show a comparative study of the different ISPs around the globe and what their approaches are at blocking the internet ( if any ).\nAfter understanding how the technologies work, I will show ways to bypass the censorship by some open source tools, DIY solutions and finally some paid/managed alternatives. What are the things that one should look for when choosing one such paid solution.\nTowards the end, I will announce the open source repo for the tool used to conduct this project, where people can contribute and use it for their own research purposes.\n\nI am analysing some of the major ISPs 'around the globe' and how they’re blocking websites and easy + cost-effective ways to bypass them. There has been some previous research into this, but that has included some limited dataset, back in 2020. From then to now a few things have changed including the way ISPs are blocking websites.\nWith this project, I am trying to :\n\n1. Analyse the global censorship of internet\n    1. Globally, how different ISPs block the network traffic\n    2. Distribute the client globally and ask volunteers to run this at least once\n2. Release the client and server code as open source\n3. Publish all the data, country wise on a github repo for everyone to consume\n\nThe talk would be in two parts :\n- First : Where I talk about the technical nitty-gritties as to how censoring in modern times work.\n- Second : After understanding how the technologies work, we will try to bypass those by some open source tools, some DIY solutions and finally some paid/managed alternatives, what are the things to look for when choosing one such provider.\n\nHence, even for folks who aren't much into the technical details of censorship, would have some arsenal of tools to bypass it, by the end of the talk. \nStarting with the famous question : \n“What happens when you type a (https) URL in your browser and press enter ?”\nI will cover all the aspects, starting with \n1. DNS lookup\n2. TLS Handshake - ClientHello,TLS negotiation, ServerHello etc\n3. Encrypted Data Transfer\n\nAll of these would be shown a live demo of in wireshark, alongwith decrypting the traffic using certificates.\n\nExplaining these stages are important because each of these involve ISPs tampering with to censor the internet. Once we know how it’s done, we will figure out how to resolve this privacy issue. Like :\nStage \nHow ISPs censorConfirmation TestBypass\nDNS Lookup\nTheir own DNS as default\nDNS filtering\nCheck on dnsleaktest.com\nUse DoH ( DNS over HTTPS )\ndnscrypt\n\nTLS Handshake\nSNI Inspection\nUse the tool\nCheck on wireshark\nUse VPN\neCH\n\nFurther move on to ECH ( Encrypted Client Hello ) and why China hates it .\nShow a comparative analysis of the different ISPs I’ve tested using the tool.\n\nTowards the end talk about the open source tool, the client and server code themselves.\nThe tool, client app : \n1. Sends request to alexa top 1M domains\n2. Records packet response and to find what kind of filtering is in place ( if any )\n3. Sends data to central dashboard server for generating heatmaps and graphs\nThe tool, server app : \n\n1. Will consume all the JSON data and validate its findings.\n2. Generate heat maps for all the ISPs and different websites that are blocked.\n\nTalk about solutions to bypassing the censorship :\n1. Open source tools \u0026 solutions - DoH, changing default DNS etc\n2. DIY things - self hosted 1-click VPN, ephemeral on-demand sshtunnel etc\n3. Paid solutions - Things to look for when choosing one such paid solution","original_language":"eng","persons":["Aseem Shrey"],"tags":["mch2022","111","2022","MCH2022 Curated content"],"view_count":407,"promoted":false,"date":"2022-07-25T21:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-04-04T10:00:05.760+02:00","length":2968,"duration":2968,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/111-ae5637eb-39b8-5e73-82d7-00b130ac2e0f.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/111-ae5637eb-39b8-5e73-82d7-00b130ac2e0f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/111-ae5637eb-39b8-5e73-82d7-00b130ac2e0f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/111-ae5637eb-39b8-5e73-82d7-00b130ac2e0f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-111-censoring-the-internet-how-to-bypass-it","url":"https://api.media.ccc.de/public/events/ae5637eb-39b8-5e73-82d7-00b130ac2e0f","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"3a484219-60ac-53b0-a755-3df8aa44bb83","title":"IRMA and Verifiable Credentials","subtitle":null,"slug":"mch2022-166-irma-and-verifiable-credentials","link":"https://program.mch2022.org/mch2022/talk/3HTP8D/","description":"Nowadays, when a user wants to authenticate mostly centralized systems, such as DigiD in the Netherlands, are utilized. Extreme events can impact the reliability of such systems. Decentralized, and more privacy-preserving systems, such as [IRMA](https://irma.app/) can help to build more reliable authentication infrastructures. With IRMA, a user can store signed attributes, such as their full name or address, within the IRMA mobile app. Subsequently, the user can disclose a subset of her attributes to parties during an authentication session. The [Verifiable Credentials (VC)](https://www.w3.org/TR/vc-data-model/) standard helps to make such systems interoperable, that is, users can use attributes across different credential systems. With a proof of concept, we show how to make IRMA VC-compliant.\n\nDuring extreme events, such as power outages or big floods, centralized systems are especially vulnerable as their availability can be impacted. This could result in that the whole system is unusable. Therefore, it is beneficial to develop decentralized infrastructures, as one is not dependent on centralized components.\n\nDigital authentication nowadays is mostly done via centralized systems, such as DigiD, the authentication system of governmental services in the Netherlands. Every authentication session goes through a central authority, which makes the system centralized. Additionally, from a privacy-perspective, an issue is that such a system can keep track on which sites users authenticate. To achieve more system reliability and more user privacy, it is desirable to develop authentication systems that are working in a more decentralized manner.\n\nOne existing solution to this challenge is [IRMA](https://irma.app/). IRMA stands for I Reveal My Attributes and is developed by the Dutch non-profit organization [Privacy By Design](https://privacybydesign.foundation/). A central element of IRMA is a mobile app, which the foundation promotes as a digital passport on your own mobile device. Users can collect signed attributes, a set of attributes is called a credential, from authoritative parties. An attribute is for instance, your Dutch BSN, full name, or email address. IRMA protects the privacy of individuals by letting the individuals decide which attributes they want to disclose to whom, and by implementing advanced cryptography, including zero-knowledge proof techniques. Consequently, the receiving party can validate the authenticity of the disclosed credentials without the need to contact the party that issued the credentials.\n\n[Verifiable Credentials (VC)](https://www.w3.org/TR/vc-data-model/) is a standard developed by the W3C. It provides a data model and a syntax aiming to make credential systems interoperable, for instance, it can enable users to disclose credentials issued by one system to another system.\n\nCurrently, IRMA can only be used within the IRMA ecosystem, that is, among servers and mobile apps that use the IRMA attributes. However, it would be desirable that people are able to use such advanced technologies and authentic attributes on the entire web across different systems. This avoids that people need different apps to be used, that could contain the same attributes, with different systems. Our research shows that it is possible to make IRMA VC-compliant via a proof of concept. Subsequently, through VCs, IRMA attributes are available for servers and apps outside the IRMA ecosystem. Similarly, other credentials can become universally verifiable.\n\nAs decentralized systems become increasingly more available, governments and other organizations can utilize reliable and privacy protecting authentication widely. This benefits everyone – even and especially during extreme events.","original_language":"eng","persons":["Daniel Ostkamp"],"tags":["mch2022","166","2022","MCH2022 Curated content"],"view_count":111,"promoted":false,"date":"2022-07-24T10:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-01-08T19:00:15.207+01:00","length":1847,"duration":1847,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/166-3a484219-60ac-53b0-a755-3df8aa44bb83.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/166-3a484219-60ac-53b0-a755-3df8aa44bb83_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/166-3a484219-60ac-53b0-a755-3df8aa44bb83.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/166-3a484219-60ac-53b0-a755-3df8aa44bb83.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-166-irma-and-verifiable-credentials","url":"https://api.media.ccc.de/public/events/3a484219-60ac-53b0-a755-3df8aa44bb83","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"9b651a2f-32cb-534c-9b53-01caebc93cb4","title":"FreeSewing: sewing patterns based on code","subtitle":null,"slug":"mch2022-78-freesewing-sewing-patterns-based-on-code","link":"https://program.mch2022.org/mch2022/talk/M9JWKM/","description":"Tired of clothing stores not having your size, or that you're stuck in between sizes? So was Joost de Cock, he didn't - and doesn't - like how clothing stores base their clothing sizes on an imaginary average person; every person has a different body. That got him to found FreeSewing: the open-source platform that translates custom measurements into well-fitting sewing patterns with code.\n\nThe platform is working towards becoming the Wikipedia of sewing patterns, with new patterns being released every few months, plus a bunch of guides on how to sew. The platform also provides guides for designers and developers, to transform patterns into code. \n\nThis system based on code allows not only for custom measurements, but also for tweaking the pattern (e.g. longer sleeves, or a crop top) and recycling parts of one pattern into another - whereas a traditional sewing pattern is based on the measurements of a perfect mannequin, which is then graded up and down for different body types, which is known to have many downsides.\n\nThis talk will not be held by founder Joost de Cock himself, but by an enthusiastic contributor. He will gladly go more in depth on how the code works, common pitfalls, the motivation behind it and how it helps against the rise of fast fashion - maybe encouraging some to pick up sewing themselves?\n\nA platform that can make tailored sewing patterns, it sounds great - but how does it work exactly? \n\nIt definitely is an upgrade from traditional sewing patterns. Making sewing patterns may sound easy: they are pieces of fabric, shaped in a specific way and sewn in a specific way. For example, a t-shirt pattern will have these parts: a front, a back and sleeves. But to figure out the right shape, the average pattern designer will make their design based on the shape of their perfect mannequin, and they grade it up and down for different body types. Adapting the pattern for a different shape can be a tedious task. That's where FreeSewing comes into play: sewing patterns aren't based on the measurements of one fit model, but they're parameters; they vary based on what the user puts into the system.\n\nAnd the platform doesn't just provide sewing patterns; it also has a lot of guides available, for general sewing, specific sewing patterns and even on how to code a pattern into the system. This makes it not just a platform for sewists, but also for designers and developers.\n\nSo, enough about how cool I think it is, what exactly do I mean with \"sewing patterns based on code\"? FreeSewing is written in JavaScript and the technique is quite similar to how you would draw a traditional pattern: a bunch of lines for the right measurements, but now a system is drawing those lines for you. A line needs a beginning point and an end point, usually also points that determine the curve; the 'coordinates' of these points are based on the measurements.\n\nThe sewing patterns aren't just based on custom measurements, but you can also tweak them however you'd like (and within what's possible), e.g. wanting longer sleeves, or a crop top. Another advantage of having code as a base is that you can 'recycle' pattern parts from one sewing pattern into another.\n\nNot just the sewing patterns are easily accessible online, but also the software needed to create the code: the core library and patterns are available both for NodeJS and the browser. The code and markdown content is hosted by [Github](https://github.com/freesewing/). \n\nI'm happy that this project wasn't created by a capitalist overlord, but by someone who wanted to change the world for the better. Now there are a lot of sewing patterns available for all types of bodies and I hope it will encourage more people to start sewing their own clothes. Sewing is difficult to learn, not to mention coding, but it's so worth it. Luckily FreeSewing has a vibrant community where there's always someone ready to help with problems. My goal is to share this enthusiasm with others and maybe encourage some to pick up sewing or help out with coding.","original_language":"eng","persons":["Lexander"],"tags":["mch2022","78","2022","MCH2022 Curated content"],"view_count":198,"promoted":false,"date":"2022-07-23T21:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-22T06:00:03.255+01:00","length":1865,"duration":1865,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/78-9b651a2f-32cb-534c-9b53-01caebc93cb4.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/78-9b651a2f-32cb-534c-9b53-01caebc93cb4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/78-9b651a2f-32cb-534c-9b53-01caebc93cb4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/78-9b651a2f-32cb-534c-9b53-01caebc93cb4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-78-freesewing-sewing-patterns-based-on-code","url":"https://api.media.ccc.de/public/events/9b651a2f-32cb-534c-9b53-01caebc93cb4","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"6e357cb9-8f5a-5490-846c-70f3c0d23838","title":"Literally Hacking the Planet: How Earth Systems Models Work","subtitle":null,"slug":"mch2022-181-literally-hacking-the-planet-how-earth-systems-models-work","link":"https://program.mch2022.org/mch2022/talk/TKTHUG/","description":"People have been modeling different parts of Earth's systems for decades, on different scales and with different goals from short term weather forecasting through actuarial risk prediction to long term climate models. In this talk I'll explore some of the typical models, methods, data formats, infrastructure layouts and design assumptions that go into such models, and discuss some low hanging fruit available to improve them.\n\nEarth is a pretty complicated system, consisting of numerous sub-systems operating at different time and energy scales. All the systems are strongly coupled. These include the atmosphere, oceans, freshwater, cryosphere and biosphere, all of which can be further subdivided by various schemes. \n\nThe problems facing people trying to model these systems are numerous: there's a lot of data, all of it is bad, most of the code is written in Fortran, and all of it is horribly slow.\n\nTo make matters worse, modeling Earth is computationally intractable without some simplifying assumptions. For instance, if your global grid for weather prediction has \"pixels\" that represent more than 16km², the physical parameterization can't \"see\" convection, so you miss most storms. And yet somehow people manage.\n\nIn this talk, we'll start with a brief introduction to how some Earth systems work, describe some parameterizations, and then look at different free software/open source models operating under different domains, assumptions, and scales. Finally, we'll do a quick review of some of the many places where there is room for improvement.","original_language":"eng","persons":["Smári McCarthy"],"tags":["mch2022","181","2022","MCH2022 Curated content"],"view_count":213,"promoted":false,"date":"2022-07-23T10:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-05T11:15:07.929+01:00","length":2904,"duration":2904,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/181-6e357cb9-8f5a-5490-846c-70f3c0d23838.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/181-6e357cb9-8f5a-5490-846c-70f3c0d23838_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/181-6e357cb9-8f5a-5490-846c-70f3c0d23838.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/181-6e357cb9-8f5a-5490-846c-70f3c0d23838.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-181-literally-hacking-the-planet-how-earth-systems-models-work","url":"https://api.media.ccc.de/public/events/6e357cb9-8f5a-5490-846c-70f3c0d23838","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"c0431269-1f51-592d-a30b-c4568acdd315","title":"Everything is an input device (fun with barcodes)","subtitle":null,"slug":"mch2022-254-everything-is-an-input-device-fun-with-barcodes-","link":"https://program.mch2022.org/mch2022/talk/LFTLBD/","description":"If we consider technology sufficiently advanced indistinguishable from magic, then the closest we get to ancient magical glyphs are barcodes. In this talk, we will show how barcodes are not just simple numbers, but can be used to control the machines.\n\nIf we consider technology sufficiently advanced indistinguishable from magic, then the closest we get to ancient magical glyphs are barcodes. In this talk, we will show how barcodes are not just simple numbers, but can be used to control the machines.\n\nIn this talk we do a brief introduction into barcodes, the way they are built, their uses and their misuses. This will be illustrated with a couple of examples of misuses in the real world.\n\nAfter this, we will demonstrate how a common implementation of (barcode)-scanning is vulnerable to a deceptively simple attack, which can lead to some interesting results.","original_language":"eng","persons":["Muse","Jasper"],"tags":["mch2022","254","2022","MCH2022 Curated content"],"view_count":5390,"promoted":false,"date":"2022-07-23T12:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-24T16:15:09.325+01:00","length":1821,"duration":1821,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/254-c0431269-1f51-592d-a30b-c4568acdd315.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/254-c0431269-1f51-592d-a30b-c4568acdd315_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/254-c0431269-1f51-592d-a30b-c4568acdd315.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/254-c0431269-1f51-592d-a30b-c4568acdd315.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-254-everything-is-an-input-device-fun-with-barcodes-","url":"https://api.media.ccc.de/public/events/c0431269-1f51-592d-a30b-c4568acdd315","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"65ee2300-f36f-5bc8-8ac9-aa02a5b46dc4","title":"A Smart Light Hacking Journey","subtitle":null,"slug":"mch2022-191-a-smart-light-hacking-journey","link":"https://program.mch2022.org/mch2022/talk/WKJKEY/","description":"Smart lights have become pervasive in many homes, but they are often designed in such a way that makes them completely reliant on the manufacturer's servers and connectivity to the Internet. However, we would much rather be fully in control of our own devices.\n\nAs a target, we took on the cheap and popular Tuya white-label smart lights, which can be commonly found under many different brand names.\n\nIn this talk, we'll take you on a trip through our 1-year journey of hacking these devices, including the details of finding and remotely exploiting a vulnerability in the firmware for devices based on the custom BK7231 SoC.\n\nSmart lights have become pervasive in many homes, but they are often designed in such a way that makes them completely reliant on the manufacturer's servers and connectivity to the Internet. However, for people who want full control of their own devices, there weren't many affordable and easily usable options. \n\nOne such option became available near the end of 2018 when a vulnerability was discovered in the firmware of smart devices manufactured by Tuya Smart. Shortly after the discovery of said vulnerability, a project by the name of tuya-convert popped up. It allowed its users to remotely flash Tuya devices with custom firmware by exploiting the - at the time - new vulnerability.\n\nBy 2020, however, tuya-convert stopped working for an increasing number of new devices. The manufacturer had patched the vulnerability, and unexploitable devices have begun showing up on the market. That's when we decided to look for the next vulnerability for Tuya's smart devices in order to allow remote custom firmware flashing once more.\n\nWe spent some time hacking on early devices which were based on the ESP8266 platform, and a while later switched to the newer devices based on the custom BK7231 SoC. During the course of our research, we found issues in firmware on both platforms and rediscovered some helpful reversing techniques.\n\nIn this talk, we'll cover our research journey with its ups and downs on both platforms, as well as the details of a memory corruption vulnerability which we exploited on the BK7231-based devices.","original_language":"eng","persons":["Khaled Nassar","Tom \"Halcyon\" Clement"],"tags":["mch2022","191","2022","MCH2022 Curated content"],"view_count":504,"promoted":false,"date":"2022-07-26T10:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-24T00:45:02.534+01:00","length":2928,"duration":2928,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/191-65ee2300-f36f-5bc8-8ac9-aa02a5b46dc4.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/191-65ee2300-f36f-5bc8-8ac9-aa02a5b46dc4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/191-65ee2300-f36f-5bc8-8ac9-aa02a5b46dc4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/191-65ee2300-f36f-5bc8-8ac9-aa02a5b46dc4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-191-a-smart-light-hacking-journey","url":"https://api.media.ccc.de/public/events/65ee2300-f36f-5bc8-8ac9-aa02a5b46dc4","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"41f0d7f1-7c7f-528e-b10c-69c9f34db44e","title":"Guardians of the Dutch healthcare","subtitle":null,"slug":"mch2022-161-guardians-of-the-dutch-healthcare","link":"https://program.mch2022.org/mch2022/talk/RHXDFR/","description":"In 2017 (just before SHA2017) the Dutch healthcare sector came together to create Stichting Z-CERT, the Zorg Computer Emergency Response Team. A nonprofit to protect and advise the Dutch Healthcare sector. What started as a small startup has now grown into a scaleup with the ambitions to match. \nThe COVID-19 pandemic restarted the discussion about whether or not healthcare is vital infrastructure. With NIS2 the role and importance of Z-CERT will only grow from here on. \nThis talk is not to intended to be a corporate “Look how great we are and what kind of sexy products we have. BUY OUR STUFF.” No, we want to simply show what we do and what we learned in 5 years of being a CERT. This might help our (future) fellow CERT’s and the community.\n\nThis talk is not to intended to be a corporate “Look how great we are and what kind of sexy products we have. BUY OUR STUFF.” No, we want to simply show what we do and what we learned in 5 years of being a CERT. These lessons include:\n- how to startup a sectoral CERT\n- How to build a community of members of your constituency\n- Connecting with fellow CERT organizations\n- Tools of the trade\nThis might help our (future) fellow CERT’s and the community.","original_language":"eng","persons":["NelusTheNerd"],"tags":["mch2022","161","2022","MCH2022 Curated content"],"view_count":105,"promoted":false,"date":"2022-07-26T12:20:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-10-13T21:15:09.788+02:00","length":1565,"duration":1565,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/161-41f0d7f1-7c7f-528e-b10c-69c9f34db44e.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/161-41f0d7f1-7c7f-528e-b10c-69c9f34db44e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/161-41f0d7f1-7c7f-528e-b10c-69c9f34db44e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/161-41f0d7f1-7c7f-528e-b10c-69c9f34db44e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-161-guardians-of-the-dutch-healthcare","url":"https://api.media.ccc.de/public/events/41f0d7f1-7c7f-528e-b10c-69c9f34db44e","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"bb8f21b7-b700-5434-8ef1-c2c35a95e801","title":"Gigatron - creating a hobby kit","subtitle":null,"slug":"mch2022-56-gigatron-creating-a-hobby-kit","link":"https://program.mch2022.org/mch2022/talk/33EPHD/","description":"The Gigatron is a microcomputer without a microprocessor. It was made into a DIY electronics kit and sold over 1000 pieces from 2018 to 2020. It is now open source. In this talk, I will not go into the working of the kit, but explain what you need to think about when creating a kit and keeping it manageable. Think of what to design, sourcing components, testing, preventing too many support calls and more.\n\nThe Gigatron is a microcomputer without a microprocessor. During the design phase, a decision was made to maybe make it into a Do-It-Yourself electronics kit. Many design decisions have been influenced by that decision, as creating a unique prototype is a lot different from creating a succesful kit.\n\nIn this talk, I will go over some of these design decisions. I think the majority of them worked out very well, as over 1000 kits were sold between 2018 and 2020, before the Gigatron becoming open source. These design decisions were influenced by other kit builders, who had already gone through that process, like the people behind the PiDP-8 and Enigma-E. \n\nI would like to share some of that knowledge, so you can also stand on the shoulders of the giants before me. And of course to also stimulate the attendees to make their hobby project into a kit.\n\nNo previous knowledge is needed. The talk is aimed at people wanting to turn their hobby project into a kit project.","original_language":"eng","persons":["gigawalt"],"tags":["mch2022","56","2022","MCH2022 Curated content"],"view_count":214,"promoted":false,"date":"2022-07-24T23:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-02-04T20:30:10.372+01:00","length":3011,"duration":3011,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/56-bb8f21b7-b700-5434-8ef1-c2c35a95e801.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/56-bb8f21b7-b700-5434-8ef1-c2c35a95e801_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/56-bb8f21b7-b700-5434-8ef1-c2c35a95e801.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/56-bb8f21b7-b700-5434-8ef1-c2c35a95e801.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-56-gigatron-creating-a-hobby-kit","url":"https://api.media.ccc.de/public/events/bb8f21b7-b700-5434-8ef1-c2c35a95e801","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"e21786e6-3b35-5f18-ac3b-f9ae76c47c7c","title":"Freedom, Ownership, Infrastructure, and Hope","subtitle":null,"slug":"mch2022-283-freedom-ownership-infrastructure-and-hope","link":"https://program.mch2022.org/mch2022/talk/VPKCC7/","description":"How should we live together? How do we make a complex, interdependent, infrastructural society less exploitive?  In this talk, we'll try to frame questions, if not answers, grounded in the context of the political changes required to mitigate and survive climate change, global fascism, and hypercapitalism.\n\nThis talk starts from two threads.  First, the common understanding of \"freedom\" derives from the institution of slavery.  Looking at alternate definitions provides the foundation for rethinking the building blocks of society and human interaction.  Second, climate change represents an immediate existential threat to human civilization, but mitigating it is no longer a question of technology — only of collective will.\n\nIf we insist on maintaining existing structures of ownership and inequality, we significantly reduce our chance of survival.  However, these questions of freedom, ownership, and equity aren't just political questions, they're directly encoded in the infrastructure we all rely on to survive — that same infrastructure that we currently need to replace, almost wholesale.\n\nIn reality, any path to survival will imply a muddle of adaptation, mitigation, replacement, and elimination, both of infrastructural components and of elements of the social contract and its governance systems.  Harm reduction is more important and more probable than ideologically perfect revolutions (or even evolutions).  However, plausible visions of the future are a critical ingredient for the hope we need to continue the work, and will also directly shape that work.\n\nMost folks who live in ownership societies (almost everyone, now) find the idea of moving away from an ownership model terrifying, because it means giving up those things that give them a sense of security.  Understanding the emotional interiority of life in a post-ownership society can change that, and understanding the dynamics of different freedoms can help us understand how we might get there.\n\nAs people who build infrastructure, we can play with the social models our infrastructure encodes — and have been doing so for decades.  Likewise, we can (and have been) rebuilding pieces of the social contracts that shape our personal lives.  This talk aims to leave you with new questions and new directions for that work.","original_language":"eng","persons":["Eleanor Saitta"],"tags":["mch2022","283","2022","MCH2022 Curated content"],"view_count":340,"promoted":false,"date":"2022-07-24T12:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-01-22T22:45:10.247+01:00","length":3041,"duration":3041,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/283-e21786e6-3b35-5f18-ac3b-f9ae76c47c7c.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/283-e21786e6-3b35-5f18-ac3b-f9ae76c47c7c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/283-e21786e6-3b35-5f18-ac3b-f9ae76c47c7c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/283-e21786e6-3b35-5f18-ac3b-f9ae76c47c7c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-283-freedom-ownership-infrastructure-and-hope","url":"https://api.media.ccc.de/public/events/e21786e6-3b35-5f18-ac3b-f9ae76c47c7c","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"fac725f6-8051-5108-8f8f-4e9d6d9632c3","title":"Meta-Press.es","subtitle":"Decentralized search engine for press reviews","slug":"mch2022-249-meta-press-es-decentralized-search-engine-for-press-reviews","link":"https://program.mch2022.org/mch2022/talk/ZRSJMG/","description":"Meta-Press.es is a WebExtention to help you exploring the online press, with no middlemen between the newspapers and your web browser. It allows you to discover millions of results within seconds and lists the last ones of each sources. Searches can be scheduled and results can be selected and exported.\r\n\r\nMeta-Press.es is a free software project built as a decentralized alternative to Google News. It is developed by Simon Descarpentries, ex-member of La Quadrature du Net, treasurer of the Fund for Defense of Net Neutrality FDN2.org and web artisan with 20 years of experience.\r\n\r\nMeta-Press.es runs entirely from your web browser and requires nothing else than online newspapers with internal search features to run. It supports currently more than 500 sources (newspapers, scientific press, online agendas…) but everything is made to help users contributing more sources.\r\n\r\nUsing Meta-Press.es, there is no data sent to third parties (including our servers). We're not asking the users to believe us about the respect of their privacy, it's a matter of verifiable fact. No Meta-Press.es servers also means that Meta-Press.es is not a single point of failure, surveillance or censorship, like GAFAM are. \r\n\r\nMeta-Press.es helps you evading the swamp of third-party trackers and it works great from a Tor Browser.","original_language":"eng","persons":["Siltaar"],"tags":["mch2022","249","2022","MCH2022 Curated content"],"view_count":81,"promoted":false,"date":"2022-07-25T10:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2025-07-24T11:30:09.035+02:00","length":2957,"duration":2957,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/249-fac725f6-8051-5108-8f8f-4e9d6d9632c3.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/249-fac725f6-8051-5108-8f8f-4e9d6d9632c3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/249-fac725f6-8051-5108-8f8f-4e9d6d9632c3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/249-fac725f6-8051-5108-8f8f-4e9d6d9632c3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-249-meta-press-es-decentralized-search-engine-for-press-reviews","url":"https://api.media.ccc.de/public/events/fac725f6-8051-5108-8f8f-4e9d6d9632c3","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"0c44d124-bfe7-56cc-8631-f2b424198be2","title":"Building a cheap laser harp for percussionists","subtitle":null,"slug":"mch2022-148-building-a-cheap-laser-harp-for-percussionists","link":"https://program.mch2022.org/mch2022/talk/KBEJVL/","description":"A laser harp is a magic musical instrument that makes sounds from light beams.\nEver since Jean-Michel Jarre used a laser harp in his live concerts to play Rendez Vous 2, many people have dreamt to play one. But they are ridiculously expensive!\nKlaas van Gend will discuss his ongoing journey with Pascal Ahout to design a cheap and simple laser harp suitable for a local percussionist group. A revolutionary simple laser harp, using only an Arduino board, and no moving parts.\nHopefully, at the time this talk happens, the design is ready to be demoed, so we’ll end with a live demo or a video recording showcasing our working laser harp.\n\nThe director from St. Caecilia percussionists group Lieshout-Mariahout in Brabant always wants to go beyond just playing music. He loves to bring in nonstandard instruments, video or lighting tricks.\nFor an upcoming show, he wants to compose a new piece with a laser harp.\nAs usual, he came to his audio and lighting engineer Pascal Ahout, who asked software engineer Klaas van Gend to join in.\nTogether, they started designing a reliable laser harp from scratch, reviewing various sources on the internet and revisiting all design decisions. Their laser harp design looks remarkably different – no moving parts, no complex optics and cheap!\nThis talk will show the design process, implementation details and hopefully the results.\nIndeed: the development is not done yet. So we may end the talk explaining why our ideas weren’t smart enough… We’ll have to see!\nBut we intend to end with a working demo.","original_language":"eng","persons":["Klaas van Gend","Pascal Ahout"],"tags":["mch2022","148","2022","MCH2022 Curated content"],"view_count":133,"promoted":false,"date":"2022-07-24T13:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-03T05:15:03.336+01:00","length":2541,"duration":2541,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/148-0c44d124-bfe7-56cc-8631-f2b424198be2.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/148-0c44d124-bfe7-56cc-8631-f2b424198be2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/148-0c44d124-bfe7-56cc-8631-f2b424198be2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/148-0c44d124-bfe7-56cc-8631-f2b424198be2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-148-building-a-cheap-laser-harp-for-percussionists","url":"https://api.media.ccc.de/public/events/0c44d124-bfe7-56cc-8631-f2b424198be2","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"61c2d2ed-1e79-5120-bcb5-5a307accf661","title":"Building modern and robust Web-Applications in 2021, without writing any JavaScript","subtitle":null,"slug":"mch2022-74-building-modern-and-robust-web-applications-in-2021-without-writing-any-javascript","link":"https://program.mch2022.org/mch2022/talk/L3HRXH/","description":"Building Web-Applications is hard. Making them scale is even harder. And nobody said anything about robust yet.\n\nLooking back over the past 25 years of Web-Development, not much has changed, except for tooling and languages. The approaches we use, also have not changed much. We still write lots of JavaScript, put special glue in between layers of languages, it's bleak.\n\nBuilding Web-Applications is hard. Making them scale is even harder. And nobody said anything about robust yet.\n\nLooking back over the past 25 years of Web-Development, not much has changed, except for tooling and languages. The approaches we use, also have not changed much. We still write lots of JavaScript, put special glue in between layers of languages, it's bleak.\n\nLet's have a look at the Phoenix Framework, a modern approach to building Web-Applications in Elixir, on the Erlang VM, without having to resort to a multitude of languages and frameworks.\n\nIn this talk we will\n- **NOT** pick a JavaScript framework like React or Angular\n- **NOT** write a single line of JavaScript\n- **NOT** care about Erlang or it's Syntax\n- **NOT** spend hours to making the application WebSocket-capable and feel \"live\"\n\nBut we will\n- write a state-of-the-art application that looks and feels professional in record time\n- have tests for every feature, buttons, links or forms we implement (test-coverage upwards of 90%)\n- have formatted our code, linted, error checked\n- run the test-suite, before every commit","original_language":"eng","persons":["Franz Bettag"],"tags":["mch2022","74","2022","MCH2022 Curated content"],"view_count":302,"promoted":false,"date":"2022-07-24T18:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-27T13:15:05.465+01:00","length":2622,"duration":2622,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/74-61c2d2ed-1e79-5120-bcb5-5a307accf661.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/74-61c2d2ed-1e79-5120-bcb5-5a307accf661_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/74-61c2d2ed-1e79-5120-bcb5-5a307accf661.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/74-61c2d2ed-1e79-5120-bcb5-5a307accf661.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-74-building-modern-and-robust-web-applications-in-2021-without-writing-any-javascript","url":"https://api.media.ccc.de/public/events/61c2d2ed-1e79-5120-bcb5-5a307accf661","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"ed084ea1-2ed9-4243-b638-87163073f3ce","title":"MCH2022 After Movie","subtitle":null,"slug":"mch2022-56032-mch2022-after-movie","link":"https://c3voc.de","description":"The MCH2022 After Movie\n\nThe MCH2022 After Movie","original_language":"eng","persons":["Elger/Stitch"],"tags":["import","56032","2023"],"view_count":1129,"promoted":false,"date":"2023-02-17T01:00:00.000+01:00","release_date":"2023-02-17T00:00:00.000+01:00","updated_at":"2026-03-01T21:30:06.630+01:00","length":345,"duration":345,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/56032-ed084ea1-2ed9-4243-b638-87163073f3ce.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/56032-ed084ea1-2ed9-4243-b638-87163073f3ce_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/56032-ed084ea1-2ed9-4243-b638-87163073f3ce.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/56032-ed084ea1-2ed9-4243-b638-87163073f3ce.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-56032-mch2022-after-movie","url":"https://api.media.ccc.de/public/events/ed084ea1-2ed9-4243-b638-87163073f3ce","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"6d0e0baf-5e9e-5305-a236-2dc4f155049d","title":"Lightning Talks Tuesday","subtitle":null,"slug":"mch2022-319-lightning-talks-tuesday","link":"https://program.mch2022.org/mch2022/talk/78PVXQ/","description":"Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks\n\nLightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks","original_language":"eng","persons":[],"tags":["mch2022","319","2022","MCH2022 Curated content"],"view_count":98,"promoted":false,"date":"2022-07-26T13:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-10-15T14:00:03.654+02:00","length":3219,"duration":3219,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/319-6d0e0baf-5e9e-5305-a236-2dc4f155049d.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/319-6d0e0baf-5e9e-5305-a236-2dc4f155049d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/319-6d0e0baf-5e9e-5305-a236-2dc4f155049d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/319-6d0e0baf-5e9e-5305-a236-2dc4f155049d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-319-lightning-talks-tuesday","url":"https://api.media.ccc.de/public/events/6d0e0baf-5e9e-5305-a236-2dc4f155049d","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"6a011245-5fde-5fe7-8e6a-224338176711","title":"Tech didn’t cause misinformation, and it won’t solve it (by itself)","subtitle":null,"slug":"mch2022-80-tech-didn-t-cause-misinformation-and-it-won-t-solve-it-by-itself-","link":"https://program.mch2022.org/mch2022/talk/MLVGMM/","description":"There’s no quick fix for the misinformation, disinformation, and lies were seeing in the world these days, and its natural for hackers want to work on the problems with the skills at hand. I’m going to talk about why, for hackers, that’s not necessarily a good move to do solo. I’ll go over mistakes I’ve seen way too many technologists and academics make when approaching the subject, where misinformation *really* comes from, and where the audience can harness what they’re good at.\n\nIt is deceptively easy to see misinformation as a data problem, as a societal issue of algorithms run amok on soulless social media platforms. However, just because the delivery of misinformation is purely technical, it doesn’t mean that the cause, or solution, is also technical. In the more than half a decade I have been working on factchecking misinformation and disinformation I have see this point lost over and over to technologist, hackers, hobbyists and academics.\n\nThis is a huge waste of talented resources, and in this talk I will go over why this is the case and explain the most serious problems that journalists, fact-checkers and politicians are facing. Hackers have been addressing large-scale issues for decades, and my talk will lay a framework down for how the MCH community and beyond can work on the lies that are propagated across the internet and the world.\n\nThere’s never been more of a need for help, and I will explain how to get the most bang for your buck.","original_language":"eng","persons":["Christopher Guess"],"tags":["mch2022","80","2022","MCH2022 Curated content"],"view_count":216,"promoted":false,"date":"2022-07-25T12:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-30T11:15:07.005+02:00","length":3059,"duration":3059,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/80-6a011245-5fde-5fe7-8e6a-224338176711.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/80-6a011245-5fde-5fe7-8e6a-224338176711_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/80-6a011245-5fde-5fe7-8e6a-224338176711.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/80-6a011245-5fde-5fe7-8e6a-224338176711.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-80-tech-didn-t-cause-misinformation-and-it-won-t-solve-it-by-itself-","url":"https://api.media.ccc.de/public/events/6a011245-5fde-5fe7-8e6a-224338176711","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"3a5c291c-f380-51a1-9123-73e8b0e8faf8","title":"Honey, let's hack the kitchen: ","subtitle":"Attacks on critical and not-so-critical cyber physical systems","slug":"mch2022-108-honey-let-s-hack-the-kitchen-attacks-on-critical-and-not-so-critical-cyber-physical-systems","link":"https://program.mch2022.org/mch2022/talk/C9FANR/","description":"Attacks on cyber physical systems are perceived as necessarily complex and requiring significant time and resources. However, in the last couple years we have also observed the inverse: simple attacks where actors with varying levels of skill and few resources gain access to software and interfaces that control physical processes. These compromises appear to be driven by ideological, egotistical, or financial objectives, taking advantage of an ample supply of internet-connected cyber physical systems. This is sometimes concerning, for example when it is affects panels for controlling processes in a water facilities or manufacturing processes. Sometimes, though, it is absurd, such as when the critical systems actors claim to compromise are in fact toys or domestic appliances. In this talk, we will share a series of stories of success and failure involving low sophistication compromises on cyber physical systems. We will describe the different types of cases we have observed, what the actors did, and how you can reproduce them for good. At last, we will discuss to what extent these crimes of opportunity represent a risk to cyber physical systems and what we can do about it.\r\n\r\nIn november 2021, I presented a version of this talk at a local non-profit event in Bergamo, Italy. For this event - NoHat - I focused on sharing the stories of low sophistication compromises we observed involving software used to control physical processes. However, for MCH I did some modifications in the title and the presentation itself to share not only the cases, but also how to reproduce them for good.\r\n\r\nThe purpose of this talk is to share with the audience how actors without necessarily a lot of skills or resources are using very simple tools to hack cyber physical systems. I will do some experiments to show very quick results the audience can get reproducing these techniques so that they learn how to find these internet-connected cyber physical assets and notify the owners.\r\n\r\nThe outline of the initial presentation was:\r\n\r\n•\tIntroduction\r\no\tStory: Hacked kitchen was supposed to be a gas system\r\n•\tDefine low sophistication cyber physical compromises\r\n•\t(De)evolution of cyber physical threats\r\no\tFrom state-sponsored to financial, and now opportunistic\r\n•\tDescribe low sophistication compromises of cyber physical systems\r\no\tDistribution and claims of exposed systems\r\no\tSeeming actor motivations\r\no\tCommon actor techniques\r\no\tTypes of evidence (or lack of)\r\n•\tLow Sophistication Threat Actors Access HMIs and Manipulate Control Processes\r\no\tOldsmar, Florida modified HMI on water facility\r\no\tIsrael’s advisory on compromises to water facility systems\r\no\tSolar energy and dam surveillance system\r\no\tHotel BAS\r\n•\tAmateur Actors Show Limited OT Expertise\r\no\t“Train control system” was in fact a human resources tool\r\no\tSecond “train control system” controls toy trains\r\no\tWebsite leaks claiming access to SCADA systems\r\n•\tHacktivist and Researcher Tutorials\r\no\tTwo hacktivist groups share tutorials for finding and compromising cyber physical systems\r\no\tResearchers have done too – including a couple examples, such as a recent script to identify tank gauges\r\n•\tDoes this activity pose an actual risk to cyber physical systems?\r\no\tEach incident provides threat actors with opportunities to learn more about OT, such as the underlying technology, physical processes, and operations.\r\no\tEven low-sophistication intrusions into OT environments carry the risk of disruption to physical processes, mainly in the case of industries or organizations with less mature security practices.\r\no\tThe publicity of these incidents normalizes cyber operations against OT and may encourage other threat actors to increasingly target or impact these systems.\r\n•\tOn the bright side…\r\no\tThere are safety methods in place that stop immediate computer instructions from modifying actual physical processes\r\n\tEngineering and human processes\r\n\tMissing security on the software side\r\n\r\nAdditional Materials:\r\nPlease find in this link our recent blog on this topic: https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html","original_language":"eng","persons":["Daniel Kapellmann Zafra"],"tags":["mch2022","108","2022","MCH2022 Curated content"],"view_count":212,"promoted":false,"date":"2022-07-23T14:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-12-29T13:19:05.661+01:00","length":2322,"duration":2322,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/108-3a5c291c-f380-51a1-9123-73e8b0e8faf8.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/108-3a5c291c-f380-51a1-9123-73e8b0e8faf8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/108-3a5c291c-f380-51a1-9123-73e8b0e8faf8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/108-3a5c291c-f380-51a1-9123-73e8b0e8faf8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-108-honey-let-s-hack-the-kitchen-attacks-on-critical-and-not-so-critical-cyber-physical-systems","url":"https://api.media.ccc.de/public/events/3a5c291c-f380-51a1-9123-73e8b0e8faf8","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"08b15f6e-bfcb-5cde-800d-ae32e41ce82a","title":"What if locks could talk; what stories would they tell?","subtitle":null,"slug":"mch2022-158-what-if-locks-could-talk-what-stories-would-they-tell-","link":"https://program.mch2022.org/mch2022/talk/ACWT8Y/","description":"Most security implementations leak information, mechanical security is no different. It takes sharp eyes, a soft touch, and a good hearing to distinguish between information and noise. In this talk we will go in depth on how locks works, and how we can persuade them to disclose their secrets, and open them without damage.\n\nThe Open Organization of Lockpickers (Toool) is a group of nerds obsessed with mechanical security. We create, collect, take apart, discuss, and attempt to defeat locks. While we are known for lockpicking, there are many other techniques for opening locks without damage. \n\nThis talk will focus on the language of the locks, the side channels in mechanical security systems. We will start with binding order, the mechanism to isolate the locking elements, and exploit them one by one. Then we will discuss a wide variety of other methods of gathering information and opening locks. Most of these methods are not practical, but working them out gives us great joy, and we would like to share the highlights with you.","original_language":"eng","persons":["Jan-Willem"],"tags":["mch2022","158","2022","MCH2022 Curated content"],"view_count":318,"promoted":false,"date":"2022-07-22T21:40:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2026-02-25T22:00:07.028+01:00","length":2729,"duration":2729,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/158-08b15f6e-bfcb-5cde-800d-ae32e41ce82a.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/158-08b15f6e-bfcb-5cde-800d-ae32e41ce82a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/158-08b15f6e-bfcb-5cde-800d-ae32e41ce82a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/158-08b15f6e-bfcb-5cde-800d-ae32e41ce82a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-158-what-if-locks-could-talk-what-stories-would-they-tell-","url":"https://api.media.ccc.de/public/events/08b15f6e-bfcb-5cde-800d-ae32e41ce82a","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"bd954a8c-670a-50be-b414-d59ea76aa5c6","title":"An Ontology Of Electronic Waste","subtitle":null,"slug":"mch2022-162-an-ontology-of-electronic-waste","link":"https://program.mch2022.org/mch2022/talk/QZDECX/","description":"This talk will investigate how the concept of private property has fundamentally altered our behavior towards the environment. We will investigate how an alternative ontology of electronic waste is needed and argue why dumpster diving, hacking and reverse engineering abandoned electronics is more relevant than ever to tackle this problem.\n\nWithin the discourse that surrounds the global rise in electronic waste, only a select range of subjects receive attention from the public - international relations, global waste management strategies and corporate greenwashing rhetoric that emphasizes a ‘circular’ economy. Although the legitimacy of these strategies can be debated, they fail to address the root of the problem. Following the pervasive concept of private property and how it has infiltrated the ways in which we think about ourselves, our relationships between each other and the environment, we will arrive at how this concept has solidified itself within the ontological frameworks we use to make sense of waste and electronic waste in particular. We will discuss how, when we get rid of the concept of private property (and subsequently the concept of waste), we can reimagine what abandoned electronics mean to us and how we can best address the incessant pressure from manufacturers to treat them as expendable, throw-away objects. We will discuss how collective dumpster diving, hacking and reverse engineering abandoned electronics might be a possible solution and present free and open source tools that could aid us in the process.","original_language":"eng","persons":["Maurits Fennis"],"tags":["mch2022","162","2022","MCH2022 Curated content"],"view_count":242,"promoted":false,"date":"2022-07-24T19:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-01-23T04:00:03.777+01:00","length":2886,"duration":2886,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/162-bd954a8c-670a-50be-b414-d59ea76aa5c6.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/162-bd954a8c-670a-50be-b414-d59ea76aa5c6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/162-bd954a8c-670a-50be-b414-d59ea76aa5c6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/162-bd954a8c-670a-50be-b414-d59ea76aa5c6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-162-an-ontology-of-electronic-waste","url":"https://api.media.ccc.de/public/events/bd954a8c-670a-50be-b414-d59ea76aa5c6","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"d285b4a1-3415-54be-9ca4-4f332d1e4b41","title":"OpenKAT: Looking at security with cat eyes","subtitle":null,"slug":"mch2022-260-openkat-looking-at-security-with-cat-eyes","link":"https://program.mch2022.org/mch2022/talk/UB3SGY/","description":"During crises – like COVID19 – software is made under immense pressure in a volatile environment. Security should focus on anything that makes one vulnerable. OpenKAT does this with real forensic proof, with the right context and useful in real life.\n\nThe COVID19-crisis forced to build dozens of software solutions rapidly with too few people under immense pressure. Meanwhile the threat level as well as the stakes are high. Failure is not an option yet guaranteed. You can no longer afford vague questions like are we secure? You need to find what makes you vulnerabilities before that hit you as well as soon as they hit you.\n\nWith dozens COVID-testing organizations to monitor, three countries to help, 17 projects to help come to life and to guard during operation security is an impossible job with the tools and people available. The options are simple: drown or find a trick to survive.The COVID19-crisis forced to build dozens of software solutions rapidly with too few people under immense pressure. Meanwhile the threat level as well as the stakes are high. Failure is not an option yet guaranteed. You can no longer afford vague questions like are we secure? You need to find what makes you vulnerabilities before that hit you as well as soon as they hit you.\n\nWith dozens COVID-testing organizations to monitor, three countries to help, 17 projects to help come to life and to guard during operation security is an impossible job with the tools and people available. The options are simple: drown or find a trick to survive.\nThe OpenKAT-project was started to fill in that gap to take a radical different approach on security while not discarding what we have already. KAT (cat in Dutch) delivers information on vulnerabilities in a forensic accurate manners, monitors environments and more over proves how things change over time. \n\nThe OpenKAT-project was started to fill in that gap to take a radical different approach on security while not discarding what we have already. Just like a cat you see more while looking at the same information just by interpreting it differently. KAT (cat in Dutch) delivers information on vulnerabilities in a forensic accurate manners, monitors environments and more over proves how things change over time.","original_language":"eng","persons":["Oscar Koeroo","Brenno de Winter"],"tags":["mch2022","260","2022","MCH2022 Curated content"],"view_count":390,"promoted":false,"date":"2022-07-25T20:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-04T16:00:08.463+01:00","length":2641,"duration":2641,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/260-d285b4a1-3415-54be-9ca4-4f332d1e4b41.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/260-d285b4a1-3415-54be-9ca4-4f332d1e4b41_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/260-d285b4a1-3415-54be-9ca4-4f332d1e4b41.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/260-d285b4a1-3415-54be-9ca4-4f332d1e4b41.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-260-openkat-looking-at-security-with-cat-eyes","url":"https://api.media.ccc.de/public/events/d285b4a1-3415-54be-9ca4-4f332d1e4b41","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"e8c945c4-d11c-5fc4-a469-cc4b975af772","title":"Trusted CDNs without gatekeepers","subtitle":null,"slug":"mch2022-198-trusted-cdns-without-gatekeepers","link":"https://program.mch2022.org/mch2022/talk/W7MB7H/","description":"I want a Web where CDNs are unnecessary.\n\nWhere different organizations, different website operators, can help each other out by hosting assets for each others' websites, thus spreading the load across many orgs in solidarity, instead of centralizing it in gatekeepers.\n\nI believe I might slowly be getting to a point of having a decent answer to that question. No blockchain required.\n\nWhat if I told you the [code for this is already mostly there](https://gitlab.com/rysiekpl/libresilient/)?\n\nAll major browsers support Service Workers and Subresource Integrity, which means we can have a piece of JS that:\n1. only gets updated from the original domain\n2. handles all requests for the website\n3. routes these requests to the original domain, or hits third party endpoints when the original domain is unavailable for whatever reason\n4. has ways of distributing and checking Subresource Integrity on any fetched resource.\n\nAnd we do!\n\nPoints 1. and 2. are assured by Service Workers API, so browsers enforce that.\n\nPoint 3. can be achieved with [LibResilient's the alt-fetch plugin](https://gitlab.com/rysiekpl/libresilient/-/blob/master/plugins/alt-fetch.js).\n\nPoint 4. is the job of [LibResilient's signed-integrity plugin](https://gitlab.com/rysiekpl/libresilient/-/blob/master/plugins/signed-integrity.js).\n\nThis is all very PoC. Documentation is lacking or non-existent. But it's already there, ready to be tested and improved.","original_language":"eng","persons":["rysiek"],"tags":["mch2022","198","2022","MCH2022 Curated content"],"view_count":298,"promoted":false,"date":"2022-07-24T14:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-21T13:30:07.084+01:00","length":2805,"duration":2805,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/198-e8c945c4-d11c-5fc4-a469-cc4b975af772.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/198-e8c945c4-d11c-5fc4-a469-cc4b975af772_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/198-e8c945c4-d11c-5fc4-a469-cc4b975af772.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/198-e8c945c4-d11c-5fc4-a469-cc4b975af772.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-198-trusted-cdns-without-gatekeepers","url":"https://api.media.ccc.de/public/events/e8c945c4-d11c-5fc4-a469-cc4b975af772","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"8021acd3-9860-5c31-bdcc-b1bdd25e4c87","title":"⚠️ May Contain Hackers 2022 Opening","subtitle":null,"slug":"mch2022-109--may-contain-hackers-2022-opening","link":"https://program.mch2022.org/mch2022/talk/JBNXAX/","description":"⚠️ Warning! This talk may contain hackers. There may be hackers in the room. There may be hackers surrounding the room. There may be hackers recording this. There may be hackers listening in. There may be hackers that exfiltrate data. There may be hackers wearing shirts. There may be hackers carrying spying devices. OH NO! There are hackers EVERYWHERE! What can we do now, except having a party?\n\nThis talk serves as an introduction to the camp. It tells how the camp works, what new features are being released, how to participate and what to be aware of.\n\nDuring this talk there will be some audio-trickery in the Abacus stage which can not be relayed to the recording or via the stream. As we cannot film audience reactions, know that it will be more epic than the final battle scene of LOTR.\n\nIn all seriousness: there are absolutely stunning new additions to the camp.\n\nI'm have to write at least 5","original_language":"eng","persons":["Elger \"Stitch\" Jonker"],"tags":["mch2022","109","2022","MCH2022 Curated content"],"view_count":841,"promoted":false,"date":"2022-07-22T17:00:00.000+02:00","release_date":"2022-07-22T00:00:00.000+02:00","updated_at":"2025-10-05T14:45:05.343+02:00","length":2078,"duration":2078,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/109-8021acd3-9860-5c31-bdcc-b1bdd25e4c87.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/109-8021acd3-9860-5c31-bdcc-b1bdd25e4c87_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/109-8021acd3-9860-5c31-bdcc-b1bdd25e4c87.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/109-8021acd3-9860-5c31-bdcc-b1bdd25e4c87.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-109--may-contain-hackers-2022-opening","url":"https://api.media.ccc.de/public/events/8021acd3-9860-5c31-bdcc-b1bdd25e4c87","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"ad11173a-3c0d-5604-ac45-35c2d8838952","title":"Using Passcrow to recover from lost passwords","subtitle":null,"slug":"mch2022-143-using-passcrow-to-recover-from-lost-passwords","link":"https://program.mch2022.org/mch2022/talk/GMA8VX/","description":"Have you ever forgotten a passphrase or lost a hardware token? Lost access to enough Bitcoin to buy a pizza or two? Encryption is fundamental to securing our liberties, but key and password management remain difficult even for professionals, let alone the general public.\n\nThis talk presents Passcrow, an Open Source project attempting to address one of crypto's largest usability issues: password and key recovery in a decentralized environment.\n\nPasscrow is a system for community-assisted secure “password escrow”, making it possible to recover from forgetting or losing a key, password or passphrase. Born out of a desire to make strong encryption easier (and safer!) to use for less technical users, the project is in an early stage of development - but code has been published and the system is usable today.\n\nPasscrow is many things: there is an underlying protocol, basic user experience guidelines, a client library for integration with other (Python) apps, an HTTP API server, and a command-line tool for making use of the system by hand. Potential applications include password managers, secure messengers, general purpose encryption tools (including OpenPGP and hard drive encryption) and cryptocurrency wallets.\n\nIn this talk, I will discuss the motivation and rationale for the project, demonstrate how the system works and talk about some of the challenges and design decisions we have seen so far.\n\nThe purpose of this talk is to solicit feedback and participation from the community; if you are interested in the subject, please come find me afterwards (my base at MCH will be The Quarantine Arms village) and let's have a chat! If you miss the talk, you can read about it at www.passcrow.org.\n\nPasscrow is a spin-off from Mailpile (www.mailpile.is), the secure e-mail client. Passcrow is inspired by Mailpile's experience attempting to make e-mail encryption more usable for less technical users, and will be used in future versions of the app.","original_language":"eng","persons":["Bjarni Rúnar Einarsson"],"tags":["mch2022","143","2022","MCH2022 Curated content"],"view_count":265,"promoted":false,"date":"2022-07-22T20:00:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2025-09-27T17:15:06.958+02:00","length":1785,"duration":1785,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/143-ad11173a-3c0d-5604-ac45-35c2d8838952.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/143-ad11173a-3c0d-5604-ac45-35c2d8838952_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/143-ad11173a-3c0d-5604-ac45-35c2d8838952.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/143-ad11173a-3c0d-5604-ac45-35c2d8838952.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-143-using-passcrow-to-recover-from-lost-passwords","url":"https://api.media.ccc.de/public/events/ad11173a-3c0d-5604-ac45-35c2d8838952","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"840802b4-a35c-5f4d-8560-22ef54132f6a","title":"Signal: you were the chosen one!","subtitle":null,"slug":"mch2022-196-signal-you-were-the-chosen-one-","link":"https://program.mch2022.org/mch2022/talk/7QRECD/","description":"This is a rant about how moving ecosystems are not a good reason for centralizing a crucial service, how stickers are no substitute for a desktop client that does not crash, and how effectively shutting out less popular OS platforms is just not cool.\n\nIn his seminal work [\"The ecosystem is moving\"](https://signal.org/blog/the-ecosystem-is-moving/), Moxie Marlinspike laid out clearly the reasons why it's impossible to do what [Matrix](https://en.wikipedia.org/wiki/Matrix_(protocol)), or [the Fediverse](https://fediverse.party/), or for that matter the Web, have done: create a dynamic, quickly-evolving ecosystem without centralizing it.\n\nFor years, as a person responsible for information security of at-risk reporters and their sources, I have been advocating Signal as a secure Internet messaging service. And with good reasons.\n\nCriticizing a security-sensitive tool like Signal is tricky, as it might be misconstrued as a call to abandon it, and move to alternatives that might be in fact worse. But here, at a hacker conference and with little risk of causing confusion and diverting users towards less secure platforms, can we please have an honest conversation about Signal's problems? And how 5 years after that blogpost, moxie's centralization has not solved them?..\n\nThere are good reasons to exert a level of control over what connects to a communication network. But effectively shutting out a community of developers that would love to implement Signal clients [for](https://gitlab.com/rubdos/whisperfish) [less](https://open-store.io/app/textsecure.nanuc) [popular](https://forum.pine64.org/showthread.php?tid=8505) [OSes](https://forums.puri.sm/t/how-can-you-install-signal-on-the-librem-5/10244) (many of which happen to attract the kind of infosec-aware crowd that used to be the core pushers of Signal) is not a good outcome.\n\nOpening up more on the client side and providing some form of independent client development program (starting with a stable API) would already help a ton. Even if it's just the desktop client that gets re-written in something that is not in essence a packaged browser [trailing it's upstream on security patches](https://news.ycombinator.com/item?id=22239791).\n\nFinally, we need to talk federation. Does it make moving fast and breaking things more difficult? Yes, yes it does, and that can be a good thing. It also makes the resulting federated service more resilient (one [service provider experiencing issues](https://www.indiatoday.in/technology/news/story/signal-users-globally-experiencing-issues-company-working-on-a-fix-1759524-2021-01-15) does not bring the whole network down). And, it lets others innovate without being locked out.","original_language":"eng","persons":["rysiek"],"tags":["mch2022","196","2022","MCH2022 Curated content"],"view_count":14881,"promoted":false,"date":"2022-07-23T23:20:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-29T20:00:05.717+02:00","length":1889,"duration":1889,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/196-840802b4-a35c-5f4d-8560-22ef54132f6a.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/196-840802b4-a35c-5f4d-8560-22ef54132f6a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/196-840802b4-a35c-5f4d-8560-22ef54132f6a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/196-840802b4-a35c-5f4d-8560-22ef54132f6a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-196-signal-you-were-the-chosen-one-","url":"https://api.media.ccc.de/public/events/840802b4-a35c-5f4d-8560-22ef54132f6a","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"6919a16c-0dcf-56af-ae0b-5fe0187bc896","title":"World in Vectors - Cross-platform Map Rendering using Rust","subtitle":null,"slug":"mch2022-265-world-in-vectors-cross-platform-map-rendering-using-rust","link":"https://program.mch2022.org/mch2022/talk/BRHLYE/","description":"Digital maps are ubiquitous tools in our everyday life. In the early 90s, the idea of browsing the world digitally and visiting any place was groundbreaking. The first solution to this problem is known as \"TerraVision\", which was breathtaking at that time. Today, the idea of exploring your surroundings using digital maps has become pretty normal.\n\nBut how do these maps work? In this talk, I want to provide an overview of the foundations of digital mapping solutions. Differences between maps which use vector data and rasterized satellite imaginary will be outlined. Furthermore, a new and open-source map renderer called [maplibre-rs](https://github.com/maplibre/maplibre-rs) will be presented, which is created using Rust and modern web technologies like WebWorkers and WebAssembly. Lastly, I want to show differences between commercial solutions and free and open-source ones.\n\nA lot of mobile and web applications depend on customizing and displaying maps. There are not many cross-platform solutions available. Some only work in the web. Some only work on mobile devices. \nFurthermore, there are only a few truly free and open-source mapping stacks available.\nI want to explain how [maplibre-rs](https://github.com/maplibre/maplibre-rs) can solve current challenges by leveraging a modern rendering stack.\n\nLast year I had a lot of spare time and decided to kick-start a project which combines different areas of interest: Rust, 3D rendering, Geo data\nThis project was adopted recently by the [MapLibre](https://maplibre.org/) project and is now known as [maplibre-rs](https://github.com/maplibre/maplibre-rs).\n\nThe [maplibre-rs](https://github.com/maplibre/maplibre-rs) library is a proof of concept which showed me the complexity of mapping solutions. It takes a lot of steps until edits from OpenStreetMap contributors are finally rendered in consumer applications. With this task I want to take listeners on a journey from drawing changes in the OpenStreetMap editor all the way until vectors are uploaded to from memory to GPUs.\n\nLike outlined in the abstract, I want to cover multiple topics:\n\n* Foundations of digital maps (How to determine which data should be loaded? What are vector and raster tiles?)\n* Show the technology stack which allows us to design and develop a cross-platform map renderer (Web, Mobile, Desktop)\n\nLastly, I want to provide a software developer perspective on mapping technologies.","original_language":"eng","persons":["Max Ammann"],"tags":["mch2022","265","2022","MCH2022 Curated content"],"view_count":853,"promoted":false,"date":"2022-07-24T21:40:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-15T11:15:05.467+01:00","length":1304,"duration":1304,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/265-6919a16c-0dcf-56af-ae0b-5fe0187bc896.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/265-6919a16c-0dcf-56af-ae0b-5fe0187bc896_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/265-6919a16c-0dcf-56af-ae0b-5fe0187bc896.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/265-6919a16c-0dcf-56af-ae0b-5fe0187bc896.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-265-world-in-vectors-cross-platform-map-rendering-using-rust","url":"https://api.media.ccc.de/public/events/6919a16c-0dcf-56af-ae0b-5fe0187bc896","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"e2da1961-a71b-590f-ace2-3d8f63b49f1c","title":"Threat modeling mechanical locking systems, by analyzing puzzles?","subtitle":null,"slug":"mch2022-208-threat-modeling-mechanical-locking-systems-by-analyzing-puzzles-","link":"https://program.mch2022.org/mch2022/talk/T8MCQW/","description":"Mechanical locks are everywhere and come in all shapes and flavors. But choosing the right lock can be rather difficult. For example, what is better? A lock that is hard to pick, or a lock with hard to duplicate keys. This talk will not give you the answers, but it will help you understand the trade-offs. Furthermore, we will have fun threat modeling our locks.\n\nIs lockpicking a threat you should be concerned about, or is the brick the tool you should care for? Jan-Willem, from The Open Organization of Lockpickers (Toool), will share his ideas on mechanical security and threat modeling. We will make it fun and use several case studies, starting with defining a lock, threat modeling mechanical puzzles, and use several case studies where the threat was overrated. Simply put, attacks against locks range from the trivial to mastery. I'll share multiple failed attempts of attacks that should be trivial, but were not in practice, and we will analyze them together.","original_language":"eng","persons":["Jan-Willem"],"tags":["mch2022","208","2022","MCH2022 Curated content"],"view_count":101,"promoted":false,"date":"2022-07-25T13:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-08-03T18:00:04.334+02:00","length":2118,"duration":2118,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/208-e2da1961-a71b-590f-ace2-3d8f63b49f1c.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/208-e2da1961-a71b-590f-ace2-3d8f63b49f1c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/208-e2da1961-a71b-590f-ace2-3d8f63b49f1c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/208-e2da1961-a71b-590f-ace2-3d8f63b49f1c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-208-threat-modeling-mechanical-locking-systems-by-analyzing-puzzles-","url":"https://api.media.ccc.de/public/events/e2da1961-a71b-590f-ace2-3d8f63b49f1c","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"d327ea41-aa8c-543e-82b5-838336b97e45","title":"How I made the municipality pay a 600.000 euro fine for invading your privacy","subtitle":null,"slug":"mch2022-300-how-i-made-the-municipality-pay-a-600-000-euro-fine-for-invading-your-privacy","link":"https://program.mch2022.org/mch2022/talk/LQRMFA/","description":"When gathering data for public services becomes privacy infringement and what you as a citizen can do about it. Or:  How I made the municipality pay a 600.000 euro fine for invading your privacy. \n\nIn September 2017 The Municipality of Enschede started tracking visitor movements in the city center 24/7 by registering their mobile phones WIFI MAC addresses. Is this an infringement on our privacy, even when the underlying identities remain concealed?\n\nIn September 2017 The Municipality of Enschede started tracking visitor movements in the city center 24/7 by registering their mobile phones WIFI MAC addresses. Is this an infringement on our privacy, even when the underlying identities remain concealed? Yes it is, claimed speaker and privacy activist Dave Borghuis. After a 4 year process the dutch DPA agreed and Enschede was charge a massive fine for its infringement. Now, can we learn from this case? Where does or should our privacy start? And what can we, as citizens, do to protect our freedom to move about in privacy?\n\nRead more on my blog https://daveborghuis.nl/wp/wifi-tracking/","original_language":"eng","persons":["Dave Borghuis"],"tags":["mch2022","300","2022","MCH2022 Curated content"],"view_count":279,"promoted":false,"date":"2022-07-23T16:20:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-09-02T22:45:04.613+02:00","length":1588,"duration":1588,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/300-d327ea41-aa8c-543e-82b5-838336b97e45.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/300-d327ea41-aa8c-543e-82b5-838336b97e45_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/300-d327ea41-aa8c-543e-82b5-838336b97e45.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/300-d327ea41-aa8c-543e-82b5-838336b97e45.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-300-how-i-made-the-municipality-pay-a-600-000-euro-fine-for-invading-your-privacy","url":"https://api.media.ccc.de/public/events/d327ea41-aa8c-543e-82b5-838336b97e45","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"a8ca0e16-c1e4-54bc-b2e4-2e739f977ceb","title":"All you never wanted to know about the Banking System and why it keeps crashing Economics.","subtitle":null,"slug":"mch2022-398-all-you-never-wanted-to-know-about-the-banking-system-and-why-it-keeps-crashing-economics-","link":"https://program.mch2022.org/mch2022/talk/T3CLJC/","description":"Based on the world´s first, and as far as we know still the only  accurate double entry bookkeeping based simulation of the banking system, we will talk through how fractional reserve banking really works from a network perspective, and how it has influenced both economic activity and economic theory in many unappreciated ways.\n\nIf you want to be able to predict what the central banks will do next, and how to make sensible financial decisions despite this, this is the talk to you. Inflation is back, and it´s still the same. We´ll also talk about ways to contribute to the development of economic models and simulations that are based on real economies, and not on a 30 year practice of fitting a very short mathematical ruler, to a very long curve.\n\nIt all started innocently enough, with an attempt to build a simple banking simulation in python of the standard Economics 101 textbook description of the banking system. This failed to work as soon as loan repayments were put in. The next version was a little more complicated, agent based, and used double entry book keeping, and the version after that added some simple economic features like widget producers and households (which actually makes it as sophisticated as \"sophisticated economic models\" (it´s still nowhere complete though), and has been used to enlighten/confuse several classes  of computer science students at Reykjavik University in Iceland.\n\nAlong the way we learnt how money gets created and destroyed, how several different kinds of bank regulation actually worked, identified several positive feedback loops in the financial system, how international money transfers don´t actually transfer money, and why it was probably inevitable cryptocurrency would re-invent fractional reserve banking right after they reinvented its book keeping.","original_language":"eng","persons":["Jacky"],"tags":["mch2022","398","2022","MCH2022 Curated content"],"view_count":877,"promoted":false,"date":"2022-07-24T15:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-30T19:15:06.209+02:00","length":3106,"duration":3106,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/398-a8ca0e16-c1e4-54bc-b2e4-2e739f977ceb.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/398-a8ca0e16-c1e4-54bc-b2e4-2e739f977ceb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/398-a8ca0e16-c1e4-54bc-b2e4-2e739f977ceb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/398-a8ca0e16-c1e4-54bc-b2e4-2e739f977ceb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-398-all-you-never-wanted-to-know-about-the-banking-system-and-why-it-keeps-crashing-economics-","url":"https://api.media.ccc.de/public/events/a8ca0e16-c1e4-54bc-b2e4-2e739f977ceb","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"8a6d76fd-6207-5d1a-986a-7d2722e43c6c","title":"ICS stands for Insecure Control Systems","subtitle":null,"slug":"mch2022-294-ics-stands-for-insecure-control-systems","link":"https://program.mch2022.org/mch2022/talk/KW7LDS/","description":"Last April we won Pwn2Own Miami by demonstrating five zero-day attacks against software that is commonly used in the ICS world. ICS, or Industrial Control Systems, are systems that are involved with running an industrial process, for example in a factory or power plant. Our targets range from SCADA to HMI systems. During this talk we would like to share details about the competition and the vulnerabilities we found.\n\nICS is an interesting field for security research. As a successful attack could have devastating results. Luckily the number of successful attacks that truly targeted ICS environments are scarce. At the same time this industry faces some difficult challenges, such as high availability requirements, old technology and a low security maturity.\n\nPwn2Own Miami is an annual edition of the Pwn2Own competition, that focuses solely on ICS applications. Targets range from OPC UA implementations (on of the main communication protocol in ICS), to data gateways and SCADA systems. They challenge competitors to find zero-days attacks against any of the targets. Participants need to demonstrate their zero-days by compromising a target machine running the latest version of the application.\n\nLast year we participated in the Pwn2Own Austin edition, which focused on Enterprise applications, with a zero-day chain against the Zoom client. This year we decided to participate in the ICS edition. It was a close race, but ultimately we beat the competing teams and won this year's edition. We demonstrated 3 RCE's, one DoS and an interesting certificate verification bypass, which in total was good for 90 points and $90,000.","original_language":"eng","persons":["Thijs Alkemade","Daan Keuper"],"tags":["mch2022","294","2022","MCH2022 Curated content"],"view_count":267,"promoted":false,"date":"2022-07-23T20:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-02-14T12:00:05.274+01:00","length":2619,"duration":2619,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/294-8a6d76fd-6207-5d1a-986a-7d2722e43c6c.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/294-8a6d76fd-6207-5d1a-986a-7d2722e43c6c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/294-8a6d76fd-6207-5d1a-986a-7d2722e43c6c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/294-8a6d76fd-6207-5d1a-986a-7d2722e43c6c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-294-ics-stands-for-insecure-control-systems","url":"https://api.media.ccc.de/public/events/8a6d76fd-6207-5d1a-986a-7d2722e43c6c","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"6d634c3c-b53a-5cff-98bc-b01b23663b86","title":"Digital Civil Disobedience","subtitle":null,"slug":"mch2022-239-digital-civil-disobedience","link":"https://program.mch2022.org/mch2022/talk/J9PRJK/","description":"Greenpeace is a direct action organisation. We have been doing physical direct civil disobedience actions for 50 years now. Civil disobedience has always played an important part in evolving democratic society if you look for instance at womens’ voting rights, the civil rights movement in the US and de ‘klimaatspijbelaars’. The digital realm is becoming more and more important in all of our lives. That is why we are working on a research project on what digital civil disobedience can look like. This is something else than mere ‘clicktivism’. What are the differences and similarities of online and offline civil disobedience? How do you 'drop' a digital banner or how do we digitally 'occupy' a building or mine? During this talk we want to tell about this project and give you an insight look on how we prepare disobedient actions at Greenpeace.\n\nGreenpeace is a direct action organisation. We have been doing direct civil disobedient actions for over 40 years now. At Greenpeace we know our strength and our weaknesses when doing actions in physical spaces. We scale buildings and hang banners, we have blocked the petrol harbour in Rotterdam (multiple times) and we stop oil/gas rigs from operating. All these kinds of actions are part of a struggle for a healthy climate and safe planet to live on and so ideologically motivated. \n\nThe right to protest is a fundamental European right, a right that is very dear to us and important when chased by the law. At Greenpeace we always look at new ways to do disobedient actions. This is why we started a research on how online actions can contribute to campaigns. The last few months we have been looking into the possibilities of digital civil disobedience actions. We looked at the risks, the actions and the possibilities it will bring. One thing we learned is that everyone we talk to about this topic is super excited.","original_language":"eng","persons":["Marleen"],"tags":["mch2022","239","2022","MCH2022 Curated content"],"view_count":305,"promoted":false,"date":"2022-07-23T13:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-02-01T10:30:08.708+01:00","length":2548,"duration":2548,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/239-6d634c3c-b53a-5cff-98bc-b01b23663b86.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/239-6d634c3c-b53a-5cff-98bc-b01b23663b86_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/239-6d634c3c-b53a-5cff-98bc-b01b23663b86.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/239-6d634c3c-b53a-5cff-98bc-b01b23663b86.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-239-digital-civil-disobedience","url":"https://api.media.ccc.de/public/events/6d634c3c-b53a-5cff-98bc-b01b23663b86","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"df317f66-7c09-50a1-b27a-7d7a51a6e396","title":"Ethics does not belong on the wall! Ethical framework for the use of location data","subtitle":null,"slug":"mch2022-64-ethics-does-not-belong-on-the-wall-ethical-framework-for-the-use-of-location-data","link":"https://program.mch2022.org/mch2022/talk/VJVH9E/","description":"The use of data is accelerating, not only owing to increasing technical possibilities like AI and earth observation, but also as a result of crises such as COVID-19 and climate change which accelerate the deployment of data and technology. This is happening on a small and local scale, as well as on a large and global one. Precisely because these data are potentially personal, and its use is becoming commonplace, it is urgent to internalize shared principles for the responsible use of data to achieve greater common value, better data and better products. These are preferably intrinsic principles that guarantee the safety and privacy of people, our social values and human dignity. In this talk we discuss an ethical framework for the use of location data. Together with the crowd we will investigate several dilemma's in which location data play an important role. How far can you go? Which values are more important? These are the kind of questions we will present and discuss.\n\nThe ethical framework is designed for the use of (personal) location data.\n\nHow do we ensure that the technology we develop is at the service of society? How do we respect shared public values and the individual rights when developing applications made possible by location data? With the discussions that have erupted around apps for monitoring the COVID-19 pandemic, it is clear that the answers to these questions are not crystal clear.\n\nThe purpose of the ethical reference is to inspire data users, but also policy makers and decision makers to help them collect, use and apply personal location data responsibly. Location data are all data that show where people are located and how they move, whether or not they can be traced. This data can, for example, be collected via mobile apps.\n\nIn this talk we discuss the different values that are conflicting in the use of location data. We present several dilemma's and cases and will involve the public actively in discussing these dilemma's. \n\nYou can find a concept of the ethical framework at https://www.geonovum.nl/themas/geo4covid/ethical-framework\nIn our work looking for responsible use of spatial data we are working together with W3C: https://w3c.github.io/sdw/responsible-use/","original_language":"eng","persons":["Frank Verschoor","Emily Daemen"],"tags":["mch2022","64","2022","MCH2022 Curated content"],"view_count":229,"promoted":false,"date":"2022-07-25T19:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-09-17T19:45:03.101+02:00","length":2781,"duration":2781,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/64-df317f66-7c09-50a1-b27a-7d7a51a6e396.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/64-df317f66-7c09-50a1-b27a-7d7a51a6e396_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/64-df317f66-7c09-50a1-b27a-7d7a51a6e396.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/64-df317f66-7c09-50a1-b27a-7d7a51a6e396.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-64-ethics-does-not-belong-on-the-wall-ethical-framework-for-the-use-of-location-data","url":"https://api.media.ccc.de/public/events/df317f66-7c09-50a1-b27a-7d7a51a6e396","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"f9f0e789-223e-552e-9700-58e1d0977481","title":"Electric Vehicles Are Going To Suck; Here's Why","subtitle":null,"slug":"mch2022-77-electric-vehicles-are-going-to-suck-here-s-why","link":"https://program.mch2022.org/mch2022/talk/M3D7UA/","description":"Electric vehicles present a real opportunity to take a step towards better designed, more reliable, and sustainable transport. Instead, electric cars have become nightmarishly complex gadgets whose limited lifespans will make them less sustainable than a diesel pickuptruck running on whale oil. This talk will explore the problem, and make a few suggestions as to what could be done about it.\n\nI want my next car to have an electric motor, I want it to push the boundaries of what is capable with a battery and I want it to be an automotive tour de force that represents a real advance over my gasoline car in terms of lifetime sustainability. The switch to electric cars represents an opportunity like no other to deliver a new type of car that doesn’t carry the baggage of what has gone before, but what I see in the electric cars available to me just doesn't live up to that dream. The car industry now makes cars that don't rust and don't wear out, so for planned obsolescence they now rely on technological complexity to ensure they reach the scrap heap long before their promise of true sustainability can be realised. This talk will attempt to deconstruct the problem, and look at how it might be remedied.","original_language":"eng","persons":["Jenny List"],"tags":["mch2022","77","2022","MCH2022 Curated content"],"view_count":7859,"promoted":false,"date":"2022-07-24T11:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-14T21:30:05.793+01:00","length":2325,"duration":2325,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/77-f9f0e789-223e-552e-9700-58e1d0977481.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/77-f9f0e789-223e-552e-9700-58e1d0977481_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/77-f9f0e789-223e-552e-9700-58e1d0977481.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/77-f9f0e789-223e-552e-9700-58e1d0977481.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-77-electric-vehicles-are-going-to-suck-here-s-why","url":"https://api.media.ccc.de/public/events/f9f0e789-223e-552e-9700-58e1d0977481","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"36551683-6a24-5a75-9f6f-71af781030a2","title":"Intro to OSINT and Geolocation","subtitle":null,"slug":"mch2022-286-intro-to-osint-and-geolocation","link":"https://program.mch2022.org/mch2022/talk/RSAY8Q/","description":"The talk is on Introduction to opens source investigations. Aiganysh will explain what \"open source\" is, what kind of research you can do with it, and the challenges it entails from Bellingcat's experience. The presentation will be full of case studies and exercises such as geolocating ISIS supporters from Twitter and identifying neo-nazi criminals in the US.\n\nBellingcat has conducted open source investigations into the downing of MH17, syrian chemical attacks, high level poisonings, corruption investigations, ecological research, war monitoring and etc. So what is open source investigations, how can you do it and what challenges come with it? \nTo learn more about that join the talk by Aiganysh Aidarbekova, Bellingcat's researcher and trainer. The talk will also have case studies and exercises such as geolocating ISIS supporters from Twitter and identifying neo-nazi criminals in the US.","original_language":"eng","persons":["Aiganysh"],"tags":["mch2022","286","2022","MCH2022 Curated content"],"view_count":858,"promoted":false,"date":"2022-07-25T11:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-29T23:00:05.247+02:00","length":3088,"duration":3088,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/286-36551683-6a24-5a75-9f6f-71af781030a2.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/286-36551683-6a24-5a75-9f6f-71af781030a2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/286-36551683-6a24-5a75-9f6f-71af781030a2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/286-36551683-6a24-5a75-9f6f-71af781030a2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-286-intro-to-osint-and-geolocation","url":"https://api.media.ccc.de/public/events/36551683-6a24-5a75-9f6f-71af781030a2","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"aa858187-20d0-5e8e-aaf0-7d478de9206f","title":"Repair for Future","subtitle":null,"slug":"mch2022-301-repair-for-future","link":"https://program.mch2022.org/mch2022/talk/ZNJYHC/","description":"This discussion will start with a brief summary on the history of repair initiatives. We can report about our personal repair activities during the pandemic. Subsequently, I'll outline the achievements of the right to repair movement and we can discuss ideas for the future.\n\nDuring a peak in public interest, the repair café movement was caught by the covid pandemic.\nMany local initiatives adapted quickly and opened online repair consultation hours. In the german-speaking countries, a monthly central online repair café was established. I'll give a lessons-learned about the experiences and limits of these online activities.\nThe political right to repair movement has brought many interesting improvements, for example the french repairability index or the European ecodesign directive.  I'll talk about them and what else is to be expected in the near future.\nThis is in interactive discussion format, so ideally I'll only present a few facts and guide through topics while the audience chimes in with their personal experiences and questions.\n\nSlides: https://pads.schaffenburg.org/p/Repair-for-future-MCH","original_language":"eng","persons":["Fraxinas"],"tags":["mch2022","301","2022","MCH2022 Curated content"],"view_count":165,"promoted":false,"date":"2022-07-23T17:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-04-03T21:00:06.936+02:00","length":2803,"duration":2803,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/301-aa858187-20d0-5e8e-aaf0-7d478de9206f.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/301-aa858187-20d0-5e8e-aaf0-7d478de9206f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/301-aa858187-20d0-5e8e-aaf0-7d478de9206f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/301-aa858187-20d0-5e8e-aaf0-7d478de9206f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-301-repair-for-future","url":"https://api.media.ccc.de/public/events/aa858187-20d0-5e8e-aaf0-7d478de9206f","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"e60d9b21-ffaa-5f95-9db0-647e188ee8f3","title":"Reclaiming our faces","subtitle":null,"slug":"mch2022-215-reclaiming-our-faces","link":"https://program.mch2022.org/mch2022/talk/SQQ3D9/","description":"What are the risks and problems of face search engines like Clearview AI and PimEyes? Since institutional protection against these systems is failing us, how can we protect ourselves against this? Three people involved in the fight against biometric mass surveillance share their experiences and reflections. Come to this talk to exchange experiences, learn what tools there are for your protection, how to use them and how you can help stop the creep of mass surveillance technologies.\n\nFace search engines like [Clearview AI](https://reclaimyourface.eu/how-to-reclaim-your-face-from-clearview-ai/) and [Pimeyes](https://edition.cnn.com/2021/05/04/tech/pimeyes-facial-recognition/index.html) have all our faces and process our biometric data. They didn't ask us if we like their *service* and if they may use our data. Users of these search engines can now identify us anytime, anywhere.\n\nSince biometric data enjoy special protection under GDPR, we filed complaints in multiple European states. We report how data protection authorities did nothing for a long time and tell of the first successes. However, it became clear that GDPR does not protect against biometric surveillance.\n\nThat's why we have joined forces to form the **[Reclaim Your Face](https://reclaimyourface.eu/)** campaign. Together, we call on the European Commission to strictly regulate the use of biometric technilogies in order to avoid undue interference with fundamental rights. In particular, we ask the Commission to prohibit, in law and in practice, indiscriminate or arbitrarily-targeted uses of biometrics which can lead to unlawful mass surveillance.\n\nThe two face search engines are not the only examples of everyday biometric surveillance. However, it is difficult to track where else we are being monitored: There is a lack of transparency and oversight. Public authorities and private companies rarely report on their own what they have been up to. We share how we've used FOIA requests, among other things, to create a little more publicity.","original_language":"eng","persons":["kantorkel","Lotte Houwing - Bits of Freedom","e-punc"],"tags":["mch2022","215","2022","MCH2022 Curated content"],"view_count":223,"promoted":false,"date":"2022-07-23T15:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-21T21:00:05.616+01:00","length":1721,"duration":1721,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/215-e60d9b21-ffaa-5f95-9db0-647e188ee8f3.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/215-e60d9b21-ffaa-5f95-9db0-647e188ee8f3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/215-e60d9b21-ffaa-5f95-9db0-647e188ee8f3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/215-e60d9b21-ffaa-5f95-9db0-647e188ee8f3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-215-reclaiming-our-faces","url":"https://api.media.ccc.de/public/events/e60d9b21-ffaa-5f95-9db0-647e188ee8f3","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"3b717eb1-6690-5240-9a78-6e15af93c1d7","title":"Climate Crisis: The gravity of the situation. What is going on?","subtitle":null,"slug":"mch2022-336-climate-crisis-the-gravity-of-the-situation-what-is-going-on-","link":"https://program.mch2022.org/mch2022/talk/UCSKRM/","description":"Goal is to discuss the gravity of the situation and create shared set of ideas on what is likely coming at us.\n\nWe will do a Threat Modelling exercise around the climate change topic. Via a collective mind mapping exercise we will create a shared mental model and identify the things that will happen and how they will affect various people at various locations.\n\nGoal is to discuss the gravity of the situation and create shared set of ideas on what is likely coming at us.\n\nWe will do a Threat Modelling exercise around the climate change topic. Via a collective mind mapping exercise we will create a shared mental model and identify the things that will happen and how they will affect various people at various locations.","original_language":"eng","persons":["Igor Nikolic"],"tags":["mch2022","336","2022","Emergent 🌍"],"view_count":98,"promoted":false,"date":"2022-07-23T15:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-06-16T01:30:02.649+02:00","length":7165,"duration":7165,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/336-3b717eb1-6690-5240-9a78-6e15af93c1d7.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/336-3b717eb1-6690-5240-9a78-6e15af93c1d7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/336-3b717eb1-6690-5240-9a78-6e15af93c1d7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/336-3b717eb1-6690-5240-9a78-6e15af93c1d7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-336-climate-crisis-the-gravity-of-the-situation-what-is-going-on-","url":"https://api.media.ccc.de/public/events/3b717eb1-6690-5240-9a78-6e15af93c1d7","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"f6631251-0a21-4e21-afc2-2c88ceb34877","title":"Field Weekend: Lightning Talks","subtitle":"","slug":"mch2022-fieldday-lightningtalks","link":"https://c3voc.de","description":"","original_language":"eng","persons":["MCH"],"tags":["ife","9","2021"],"view_count":685,"promoted":false,"date":"2021-09-04T20:00:00.000+02:00","release_date":"2021-09-11T00:00:00.000+02:00","updated_at":"2025-10-15T12:45:04.509+02:00","length":2004,"duration":2004,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/9-f6631251-0a21-4e21-afc2-2c88ceb34877.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/9-f6631251-0a21-4e21-afc2-2c88ceb34877_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/9-f6631251-0a21-4e21-afc2-2c88ceb34877.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/9-f6631251-0a21-4e21-afc2-2c88ceb34877.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-fieldday-lightningtalks","url":"https://api.media.ccc.de/public/events/f6631251-0a21-4e21-afc2-2c88ceb34877","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"44ab627f-ed5d-522b-b84b-15a3ed761895","title":"Cyber crises and what you can do to face the challenge","subtitle":null,"slug":"mch2022-255-cyber-crises-and-what-you-can-do-to-face-the-challenge","link":"https://program.mch2022.org/mch2022/talk/CVGHG9/","description":"Your organization suffers from a serious system compromise from a cyber-crime ring, state-actor or both. The cyber inferno is raging through your organisation. In this talk I’d like to walk you through a situation which escalated quickly. The talk is intended to inspire people to take preventative measures, keep their heads as cool as possible, and keep a grip on the situation.\n\nYour organisation suffers from a serious system compromise from a cyber-crime ring, state-actor or both. The cyber inferno is raging through your organisation. The problems are countless. A neighbouring organisation is looking at your problems and wondering about the potential of spillovers. What if these spillovers escalate beyond your grasp? How and what do you communicate internally and externally? In this talk I’d like to walk you through a situation which escalated quickly. The talk is intended to inspire people to take preventative measures, keep their heads as cool as possible, and keep a grip on the situation regardless of the size of the challenge.","original_language":"eng","persons":["Oscar Koeroo"],"tags":["mch2022","255","2022","MCH2022 Curated content"],"view_count":95,"promoted":false,"date":"2022-07-25T17:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-06-23T23:45:05.089+02:00","length":2696,"duration":2696,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/255-44ab627f-ed5d-522b-b84b-15a3ed761895.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/255-44ab627f-ed5d-522b-b84b-15a3ed761895_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/255-44ab627f-ed5d-522b-b84b-15a3ed761895.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/255-44ab627f-ed5d-522b-b84b-15a3ed761895.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-255-cyber-crises-and-what-you-can-do-to-face-the-challenge","url":"https://api.media.ccc.de/public/events/44ab627f-ed5d-522b-b84b-15a3ed761895","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"30c49ea3-6a47-59ae-8491-11eaa04958f3","title":"Introduction to MQTT, Node-RED \u0026 Tasmota","subtitle":null,"slug":"mch2022-32-introduction-to-mqtt-node-red-tasmota","link":"https://program.mch2022.org/mch2022/talk/B3REPR/","description":"A demonstration of the power of MQTT in combination with Node-RED. We'll also take a look at the \"universal\" Tasmota firmware for ESP8266 and ESP32-based devices. This all to hopefully make you enthusiastic to start building your own projects with these building blocks.\n\nA demonstration of the power of MQTT in combination with Node-RED. We'll also take a look at the \"universal\" Tasmota firmware for ESP8266 and ESP32-based devices. This all to hopefully make you enthusiastic to start building your own projects with these building blocks. \nMQTT is a very light message transport mechanism that uses a standard network connection and a subscribe-publish \nprotocol to get messages from one device to one or more others in the network in a structured manner.\nNode-RED is a programming tool for wiring together hardware devices, APIs and online services very suited for working with MQTT messages.\nTasmota started as a universal firmware for ESP8266/8285 IoT-devices, now with added support for the ESP32 and it comes with MQTT-support out of the box.\nWith these tools, a raspberry pi and a few lines of script, we can start building home automation or whatever you want.","original_language":"eng","persons":["CrazyA (Ad)"],"tags":["mch2022","32","2022","MCH2022 Curated content"],"view_count":524,"promoted":false,"date":"2022-07-26T11:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-13T17:00:08.525+01:00","length":2020,"duration":2020,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/32-30c49ea3-6a47-59ae-8491-11eaa04958f3.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/32-30c49ea3-6a47-59ae-8491-11eaa04958f3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/32-30c49ea3-6a47-59ae-8491-11eaa04958f3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/32-30c49ea3-6a47-59ae-8491-11eaa04958f3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-32-introduction-to-mqtt-node-red-tasmota","url":"https://api.media.ccc.de/public/events/30c49ea3-6a47-59ae-8491-11eaa04958f3","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"7f787708-c3b6-56b9-a325-abac5bfcb5cc","title":"A Brief History of Automotive Insecurities","subtitle":null,"slug":"mch2022-252-a-brief-history-of-automotive-insecurities","link":"https://program.mch2022.org/mch2022/talk/TVYLPH/","description":"Automotive hacking hasn't started with Miller/Valasek in 2015 - and it hasn't ended with it, either. This talk will give an overview of automotive insecurities of the past ~10 years, a brief history of some kind. I will also provide an outlook on what the future on four wheels might hold, security-wise.\n\nThis talk will give an exhaustive overview of all the automotive hacks in the past 10 years, and analyze the technical issues and vulnerabilities that have been exploited. Ranging from the automotive hacking papers in the early 2010-ies by US researchers, towards the infamous Miller/Valasek presentations starting 2015, the magic work of KeenLabs and 360 Group, and covering comma.ai, the different Tesla hacks, entry system relay attacks and the recent ADAC study, towards AI-confusion attacks. I will try to analyze the underlying vulnerabilities, how they can be (respectively are already) prevented in modern vehicles, and what the future holds.","original_language":"eng","persons":["Martin"],"tags":["mch2022","252","2022","MCH2022 Curated content"],"view_count":559,"promoted":false,"date":"2022-07-24T12:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-15T22:45:07.605+01:00","length":3026,"duration":3026,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/252-7f787708-c3b6-56b9-a325-abac5bfcb5cc.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/252-7f787708-c3b6-56b9-a325-abac5bfcb5cc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/252-7f787708-c3b6-56b9-a325-abac5bfcb5cc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/252-7f787708-c3b6-56b9-a325-abac5bfcb5cc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-252-a-brief-history-of-automotive-insecurities","url":"https://api.media.ccc.de/public/events/7f787708-c3b6-56b9-a325-abac5bfcb5cc","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"7ded23b5-6869-5c74-be08-b79e2576236b","title":"Respirators, Runtime Errors, Regulations – A Journey into Medical Software Realization","subtitle":null,"slug":"mch2022-179-respirators-runtime-errors-regulations-a-journey-into-medical-software-realization","link":"https://program.mch2022.org/mch2022/talk/V77FEC/","description":"Medical devices come in all shapes and sizes, and a great deal of them contain – or consist of – software. If they are faulty, they can kill.  We’ll talk about different types and classes of medical devices, the regulations that try to ensure their safety and what all of this means for medical software projects.\n\nSo you have a great idea for a medical product with software that will make the world a better place? It helps people to regain or improve their health, cope with a permanent condition or analyze their vital stats? That’s fantastic! What could possibly go wrong?\n\nHistory has shown that faults in medical devices can have disastrous consequences. Those products may cause severe injury, permanent damage, even death. In order to make sure that your product does not harm its users there is a bunch of regulations that you have to comply with. How does this affect your work? \n\nFirst we’ll take a look at where to find software in or around medical devices from embedded code to stand-alone sofware with AI. Then I’ll provide a few infamous examples of what went wrong (including a great talk about faulty software in pacemakers from CCC Camp 2019 – you know, that last great event before THE VIRUS).\n\nThen we’ll talk about the regulatory part, especially at the EU Medical Device Regulation and what it means for planning, implementing and maintaining software for medical products (my favourite topic: traceability. ;-) ). It’s also of interest for non-EU participants because many of the regulations are ISO-harmonized.","original_language":"eng","persons":["Bettina Neuhaus"],"tags":["mch2022","179","2022","MCH2022 Curated content"],"view_count":233,"promoted":false,"date":"2022-07-23T11:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-03-26T15:30:07.011+01:00","length":2899,"duration":2899,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/179-7ded23b5-6869-5c74-be08-b79e2576236b.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/179-7ded23b5-6869-5c74-be08-b79e2576236b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/179-7ded23b5-6869-5c74-be08-b79e2576236b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/179-7ded23b5-6869-5c74-be08-b79e2576236b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-179-respirators-runtime-errors-regulations-a-journey-into-medical-software-realization","url":"https://api.media.ccc.de/public/events/7ded23b5-6869-5c74-be08-b79e2576236b","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"eacfa27a-6640-5a9f-96ac-d90c293bada8","title":"Infrastructure review","subtitle":null,"slug":"mch2022-151-infrastructure-review","link":"https://program.mch2022.org/mch2022/talk/ZLALJT/","description":"The traditional talk by most or all operational teams about the infrastructure built for MCH2022. While the site has some infrastructure in place, a lot of it has to be built for this event. On the other hand there's also teams that just make things go away.\n\nMCH2022 can not be organised without a lot of temporary infrastructure. Join the operational teams and discover the new, the unexpected or the surprising technologies that were necessary to make MCH2022 a success. Expect graphs, pictures of bodges, perhaps a few hacks but definitely a lot of hard work behind the scenes. Think fiber, LEDs, DatenKlos, trusses, waste bags, Terabytes, angels, vouchers, simultaneous viewers, amps, volts, golf carts etc. Please smile (or laugh) at our bad jokes, we're all running on fumes and in desperate need of a proper sleep.","original_language":"eng","persons":["Bix","RFguy"],"tags":["mch2022","151","2022","MCH2022 Curated content"],"view_count":1529,"promoted":false,"date":"2022-07-26T15:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-04-04T00:30:04.463+02:00","length":3501,"duration":3501,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/151-eacfa27a-6640-5a9f-96ac-d90c293bada8.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/151-eacfa27a-6640-5a9f-96ac-d90c293bada8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/151-eacfa27a-6640-5a9f-96ac-d90c293bada8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/151-eacfa27a-6640-5a9f-96ac-d90c293bada8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-151-infrastructure-review","url":"https://api.media.ccc.de/public/events/eacfa27a-6640-5a9f-96ac-d90c293bada8","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"96d49093-a1db-5740-b06d-3c6b749e73cb","title":"Keep Ukraine Connected","subtitle":null,"slug":"mch2022-267-keep-ukraine-connected","link":"https://program.mch2022.org/mch2022/talk/QUFG7J/","description":"In March 2022 the Global NOG Alliance (GNA) started the Keep Ukraine Connected task force to help network operators in Ukraine during and after the invasion. These are our experiences. A simple idea turned into an interesting logistics puzzle with a steep learning curve into customs rules.\n\nWhat started as a simple idea (\"Our goal is to help network operator groups, I'm sure there is more that we can do than hosting their websites and email when there is a war going on) turned into a global aid campaign. We have shipped a truck full of network equipment to Ukraine, and that was only a tiny part. Many companies and individuals from around the world have donated money, hardware and software to help the Ukrainian network operators. Everything from WiFi access points and PoE switches to be used in the bomb shelters to full-rack core routers for rebuilding their infrastructure.\n\nIn the end the logistics are the hardest part. Finding warehouses to temporarily store the donated hardware to getting help shipping equipment across borders and through complicated customs rules (network devices are dual-use goods, and convincing customs officers that a truck full of gear qualifies as humanitarian aid can be a challenge…)","original_language":"eng","persons":["Sander Steffann"],"tags":["mch2022","267","2022","MCH2022 Curated content"],"view_count":271,"promoted":false,"date":"2022-07-22T21:40:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-01-16T14:15:14.377+01:00","length":1935,"duration":1935,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/267-96d49093-a1db-5740-b06d-3c6b749e73cb.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/267-96d49093-a1db-5740-b06d-3c6b749e73cb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/267-96d49093-a1db-5740-b06d-3c6b749e73cb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/267-96d49093-a1db-5740-b06d-3c6b749e73cb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-267-keep-ukraine-connected","url":"https://api.media.ccc.de/public/events/96d49093-a1db-5740-b06d-3c6b749e73cb","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"8dac3f5d-4a52-52b6-9579-9b92ef2b1ffc","title":"Don't turn your back on Ransomware!","subtitle":null,"slug":"mch2022-266-don-t-turn-your-back-on-ransomware-","link":"https://program.mch2022.org/mch2022/talk/8JETCV/","description":"Ransomware is making a comeback and attacking us all! Learn and sharpen your blades in order to defend against this multi headed monster! There’s a lot to learn from every ransomware attack. By demounting every bit of the attack and looking at every stage there’s much to gain for setting up proper detection and other defence techniques\n\nRemember those times when a popup appeared on your screen with the message to immediately transfer an amount of bitcoins to retrieve your files? Ransomware is still a serious threat to a lot of people and organisations and nowadays using more and more advanced techniques to target you and steal your data. This talk will tell us what Ransomware actually is, who’s writing the code and making money out of it, it shows us a bit of the Ransomware history and what types were out there, to better understand what we’re dealing with. And explain all of the ransomware attack stages and what you can do in terms of detection and defence inside your security operations.","original_language":"eng","persons":["Erik Heskes"],"tags":["mch2022","266","2022","MCH2022 Curated content"],"view_count":178,"promoted":false,"date":"2022-07-23T18:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-10-12T10:45:02.622+02:00","length":1671,"duration":1671,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/266-8dac3f5d-4a52-52b6-9579-9b92ef2b1ffc.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/266-8dac3f5d-4a52-52b6-9579-9b92ef2b1ffc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/266-8dac3f5d-4a52-52b6-9579-9b92ef2b1ffc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/266-8dac3f5d-4a52-52b6-9579-9b92ef2b1ffc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-266-don-t-turn-your-back-on-ransomware-","url":"https://api.media.ccc.de/public/events/8dac3f5d-4a52-52b6-9579-9b92ef2b1ffc","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"900032ea-1a6e-55d7-9ca0-e9e09d6fb86c","title":"Hacking the pandemic's most popular software: Zoom","subtitle":null,"slug":"mch2022-152-hacking-the-pandemic-s-most-popular-software-zoom","link":"https://program.mch2022.org/mch2022/talk/QVXXUP/","description":"Last year we won Pwn2Own by demonstrating remote code execution, using a chain of three vulnerabilities, on the then latest version of the Zoom client. In this talk we would like to share all details of the vulnerabilities we found and how we combined them into a fully working exploit.\n\nWhen the pandemic required everyone to work from home, we saw a huge growth on the video conferencing market. It was this movement that made the organisation behind the world famous Pwn2Own competition decide to add an 'Enterprise Communications' category to last year’s competition. Everyone who was able to successfully demonstrate a zero-day attack against Zoom or Microsoft Teams would be rewarded $200,000. We decided to take them up on this challenge and started researching Zoom. This resulted in a working remote exploit against the at the time latest version of Zoom that would give the attacker full control over the victim’s system (CVE-2021-34407).\n\nDuring this talk, we will walk you through how we started our research, explain the vulnerabilities that were found and finally how those vulnerabilities were incorporated into the exploit that successfully performed the attack during the contest.","original_language":"eng","persons":["Thijs Alkemade","Daan Keuper"],"tags":["mch2022","152","2022","MCH2022 Curated content"],"view_count":510,"promoted":false,"date":"2022-07-24T17:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-01-08T18:00:19.084+01:00","length":2896,"duration":2896,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/152-900032ea-1a6e-55d7-9ca0-e9e09d6fb86c.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/152-900032ea-1a6e-55d7-9ca0-e9e09d6fb86c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/152-900032ea-1a6e-55d7-9ca0-e9e09d6fb86c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/152-900032ea-1a6e-55d7-9ca0-e9e09d6fb86c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-152-hacking-the-pandemic-s-most-popular-software-zoom","url":"https://api.media.ccc.de/public/events/900032ea-1a6e-55d7-9ca0-e9e09d6fb86c","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"4251abbe-30eb-59cc-9d07-215b411eb8c9","title":"Rocking the Web Bloat: Modern Gopher, Gemini and the Small Internet","subtitle":null,"slug":"mch2022-83-rocking-the-web-bloat-modern-gopher-gemini-and-the-small-internet","link":"https://program.mch2022.org/mch2022/talk/RPVQD8/","description":"The web is a mess, bloated with data-gathering trackers, predatory UX, massive resource loads, and it is absorbing everything it touches. The Small Internet is a counter-cultural movement to wrangle things back under control via minimalism, hands-on participation, and good old fashioned conversation. At its heart are technologies like the venerable Gopher protocol or the new Gemini protocol offering a refuge and a place to dream of a better future.\n\nJoin me and be reintroduced to Gopher in 2021 and learn what this old friend has to offer us in a world full of web services and advertising bombardment. We will also explore the new Gemini protocol and how it differs from Gopher and HTTP.\n\nWe will explore the protocols themselves, their history, and what the modern ecosystems are like. I will briefly review the technical details of implementing servers or clients of your own, and how to author content as a user. Discussion will cover limitations, grey-areas, and trade-offs in exchange for speed and simplicity.\n\nThrough these alternative protocols we'll see the small internet in action.","original_language":"eng","persons":["James Tomasino"],"tags":["mch2022","83","2022","MCH2022 Curated content"],"view_count":2088,"promoted":false,"date":"2022-07-25T20:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-15T14:00:05.940+01:00","length":2853,"duration":2853,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/83-4251abbe-30eb-59cc-9d07-215b411eb8c9.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/83-4251abbe-30eb-59cc-9d07-215b411eb8c9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/83-4251abbe-30eb-59cc-9d07-215b411eb8c9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/83-4251abbe-30eb-59cc-9d07-215b411eb8c9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-83-rocking-the-web-bloat-modern-gopher-gemini-and-the-small-internet","url":"https://api.media.ccc.de/public/events/4251abbe-30eb-59cc-9d07-215b411eb8c9","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"834cfcc3-0e35-5ec5-80f1-b13ab5edac73","title":"SSH Configuration, Intermediate Level","subtitle":null,"slug":"mch2022-170-ssh-configuration-intermediate-level","link":"https://program.mch2022.org/mch2022/talk/KHWLR9/","description":"So, you know how to \"use\" the ssh command line? You enter connection parameters like username, hostname or private key every time you need to connect? You manually log into the jump/bastion host when connecting to your target host? Then come to this session and learn how you can make your life easier and your work more efficient by using custom config files and a tiny little bit of preparation.\n\nSo, you know how to \"use\" the ssh command line? You enter connection parameters like username, hostname or private key every time you need to connect? You manually log into the jump/bastion host when connecting to your target host? Then come to this session and learn how you can make your life easier and your work more efficient by using custom config files and a tiny little bit of preparation.\n\nIn addition, we will also cover common best practices and improvements to your current SSH setup.\nYou will benefit the most from this talk, if you have used SSH before. SSH novices are welcome as well, SSH experts may drop by for the bad jokes.\n\nThe target audience for this talk is people with a beginner/intermediate understanding of SSH.","original_language":"eng","persons":["leyrer"],"tags":["mch2022","170","2022","MCH2022 Curated content"],"view_count":1063,"promoted":false,"date":"2022-07-26T12:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-14T14:15:06.486+01:00","length":2939,"duration":2939,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/170-834cfcc3-0e35-5ec5-80f1-b13ab5edac73.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/170-834cfcc3-0e35-5ec5-80f1-b13ab5edac73_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/170-834cfcc3-0e35-5ec5-80f1-b13ab5edac73.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/170-834cfcc3-0e35-5ec5-80f1-b13ab5edac73.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-170-ssh-configuration-intermediate-level","url":"https://api.media.ccc.de/public/events/834cfcc3-0e35-5ec5-80f1-b13ab5edac73","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"edd9b4c0-70d0-5cc9-9dee-aaf1b6f309f3","title":"Where did all the parts go - the 202x component availability trashfire","subtitle":null,"slug":"mch2022-330-where-did-all-the-parts-go-the-202x-component-availability-trashfire","link":"https://program.mch2022.org/mch2022/talk/QKKTTH/","description":"Since early 2021, it has been impossible to buy most integrated circuits and various other components. I'll explain how and why this happened, why it's going to keep happening, and where the fragility of the electronics manufacturing ecosystem comes from.\n\nA terrible miscalculation by one unrelated industry (car manufacturing) caused the entire electronics market to fall apart in a spectacular way, meaning that for over a year now it's been impossible to buy many important electronic components, including most ICs. I'll talk about how the electronics component ecosystem is structured, why it's inherently fragile, and how everyone acting in their own best interest has made the problem worse. I'll also share some stories about working around supply issues at various companies and projects I've been involved with during this period.\n\nCome hear a fireside chat about how car companies are trash, how you can build a world economy on shortsightedness, and how two conference calls can bring down the entire world's supply of essential parts.","original_language":"eng","persons":["Kliment"],"tags":["mch2022","330","2022","MCH2022 Curated content"],"view_count":1179,"promoted":false,"date":"2022-07-26T11:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-28T22:45:05.314+01:00","length":1809,"duration":1809,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/330-edd9b4c0-70d0-5cc9-9dee-aaf1b6f309f3.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/330-edd9b4c0-70d0-5cc9-9dee-aaf1b6f309f3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/330-edd9b4c0-70d0-5cc9-9dee-aaf1b6f309f3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/330-edd9b4c0-70d0-5cc9-9dee-aaf1b6f309f3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-330-where-did-all-the-parts-go-the-202x-component-availability-trashfire","url":"https://api.media.ccc.de/public/events/edd9b4c0-70d0-5cc9-9dee-aaf1b6f309f3","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"53831741-f569-54b5-b960-a4b0b39f7715","title":"GPS ankle monitor hacking: How I got stalked by people from the Arab Emirates","subtitle":null,"slug":"mch2022-187-gps-ankle-monitor-hacking-how-i-got-stalked-by-people-from-the-arab-emirates","link":"https://program.mch2022.org/mch2022/talk/DK3VKB/","description":"Ankle monitors are devices typically used by law enforcement to track offenders, have you ever wondered how they work - which potential vulnerabilities they have or where to buy one ( or many )? This talk is about hacking electronic ankle monitors built by various Chinese manufacturers - and the protocols and software they use.\n\nAnkle monitors are devices used by law enforcement to track offenders - typically ones on house arrest. They contain various sensors and GPS, WiFi, Cellular and sometimes RF communication to transmit data and determine their position. \n\nThis talk will go into detail for various brands on how they communicate with their servers - potential vulnerabilities and ways to escape/avoid detection. This talk concerns Chinese vendors of ankle monitors - but the processes are applicable to different brands and types as well. I will discuss how I developed a server which can be used with 4 vendors of these devices - and how I got the protocol documents for each of them through a bit of social engineering.\n\nThe focus will be on the technical details of how your location is determined - which fallbacks are used in case locating falls - and how data is communicated to the server - and the security implications of all of this. Some of devices are used by small nations to track for instance immigrants for COVID tracking - we will discuss the implications of this.","original_language":"eng","persons":["Arno"],"tags":["mch2022","187","2022","MCH2022 Curated content"],"view_count":726,"promoted":false,"date":"2022-07-24T10:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-28T23:00:05.953+01:00","length":2894,"duration":2894,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/187-53831741-f569-54b5-b960-a4b0b39f7715.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/187-53831741-f569-54b5-b960-a4b0b39f7715_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/187-53831741-f569-54b5-b960-a4b0b39f7715.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/187-53831741-f569-54b5-b960-a4b0b39f7715.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-187-gps-ankle-monitor-hacking-how-i-got-stalked-by-people-from-the-arab-emirates","url":"https://api.media.ccc.de/public/events/53831741-f569-54b5-b960-a4b0b39f7715","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"1abef07b-1eaf-5f56-953d-7dfa31d03e42","title":"Taking Action against SLAPPs in Europe","subtitle":null,"slug":"mch2022-276-taking-action-against-slapps-in-europe","link":"https://program.mch2022.org/mch2022/talk/ZUYKEC/","description":"SLAPP suits (strategic lawsuits against public participation) are nuisance lawsuits designed to get journalists, activists, historians, whistleblowers and others to keep quiet. This kind of lawfare isn't new, but there is an increasing focus on the issue in Europe, with new legislation coming. Here's where you find out more.\n\nYou receive a threatening letter from a major law firm, probably based in London, trying to stop your reporting, or your activism, threatening you as an individual as well as the organisation you are affiliated with - congratulations, you've just been SLAPPed.\n\nStrategic lawsuits against public participation (SLAPPs) are on the increase worldwide, and Europe is beginning to take notice. Lawyers' associations in Italy and Croatia report hundreds of nuisance suits being laid against journalists. In Hungary, Poland and Slovenia, the state and its allies are SLAPPing opponents - journalists, anticorruption activists, LGBTI+ rights advocates - with impunity.\n\nLitigation has been turned against the activist community, oligarchs try to silence debate and  Eastern Europe has become the new home of SLAPP-based oppression, as politics slide into autocracy and leaders stamp down on dissent.\n\nBlueprint is part of an 11-country coalition working on the ground to train lawyers to help the victims of SLAPPs strike back. We're currently developing a curriculum from scratch, drawing on European human rights principles and local knowledge.\n\nIf you want to understand the European situation better, or if you have experience of SLAPPS and can help us understand what kinds of legal training and other defences are useful to civil society, we'd love for you to join this conversation.","original_language":"eng","persons":["Naomi Colvin"],"tags":["mch2022","276","2022","MCH2022 Curated content"],"view_count":84,"promoted":false,"date":"2022-07-23T17:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-05T15:00:07.403+01:00","length":2908,"duration":2908,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/276-1abef07b-1eaf-5f56-953d-7dfa31d03e42.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/276-1abef07b-1eaf-5f56-953d-7dfa31d03e42_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/276-1abef07b-1eaf-5f56-953d-7dfa31d03e42.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/276-1abef07b-1eaf-5f56-953d-7dfa31d03e42.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-276-taking-action-against-slapps-in-europe","url":"https://api.media.ccc.de/public/events/1abef07b-1eaf-5f56-953d-7dfa31d03e42","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"c541c952-d56e-5794-933c-3aa0f8fdf362","title":"Computing within Limits","subtitle":null,"slug":"mch2022-442-computing-within-limits","link":"https://program.mch2022.org/mch2022/talk/FSYNES/","description":"The LIMITS workshop concerns the role of computing in human societies affected by real-world limits*. As an interdisciplinary group of researchers, practitioners, and scholars, we seek to reshape the computing research agenda, grounded by an awareness that contemporary computing research is intertwined with ecological limits in general and climate- and climate justice-related limits in particular. LIMITS 2022 solicits submissions that move us closer towards computing systems that support diverse human and non-human lifeforms within thriving biospheres.\nFor example, limits of extractive logics, limits to a biosphere's ability to recover, limits to our knowledge, or limits to technological \"solutions\". \n \nThe LIMITS workshop concerns the role of computing in human societies affected by real-world limits*. As an interdisciplinary group of researchers, practitioners, and scholars, we seek to reshape the computing research agenda, grounded by an awareness that contemporary computing research is intertwined with ecological limits in general and climate- and climate justice-related limits in particular. LIMITS 2022 solicits submissions that move us closer towards computing systems that support diverse human and non-human lifeforms within thriving biospheres.\nFor example, limits of extractive logics, limits to a biosphere's ability to recover, limits to our knowledge, or limits to technological \"solutions\".\n\nThe LIMITS workshop concerns the role of computing in human societies affected by real-world limits*. As an interdisciplinary group of researchers, practitioners, and scholars, we seek to reshape the computing research agenda, grounded by an awareness that contemporary computing research is intertwined with ecological limits in general and climate- and climate justice-related limits in particular. LIMITS 2022 solicits submissions that move us closer towards computing systems that support diverse human and non-human lifeforms within thriving biospheres.\n\n* For example, limits of extractive logics, limits to a biosphere's ability to recover, limits to our knowledge, or limits to technological \"solutions\". https://computingwithinlimits.org/2022/","original_language":"eng","persons":["Vesna Manojlovic"],"tags":["mch2022","442","2022","Emergent 🌍"],"view_count":136,"promoted":false,"date":"2022-07-26T12:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-06-26T11:00:08.390+02:00","length":2595,"duration":2595,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/442-c541c952-d56e-5794-933c-3aa0f8fdf362.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/442-c541c952-d56e-5794-933c-3aa0f8fdf362_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/442-c541c952-d56e-5794-933c-3aa0f8fdf362.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/442-c541c952-d56e-5794-933c-3aa0f8fdf362.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-442-computing-within-limits","url":"https://api.media.ccc.de/public/events/c541c952-d56e-5794-933c-3aa0f8fdf362","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"5a2aaca0-1bd5-5a1d-88f4-3bee317b7247","title":"The War in Ukraine: Cyberfront","subtitle":null,"slug":"mch2022-245-the-war-in-ukraine-cyberfront","link":"https://program.mch2022.org/mch2022/talk/PL3FTM/","description":"When the pandemic was declared over, Europe went into a war. This was the first major conflict in Europe where an important part of the war was waged online.\nAnonymous, disBalancer, IT ARMY, and the western governments.\n\nThese are stories from the cyber front lines.\n\nWelcome to a panel of speakers from Ukraine and EU. We will discuss what happened on the front, how it helped to turn the war in Ukraine's favor, the international cooperation, the cyber offensive, and the how and why of it.\n\nWe will discuss, DDoS, information disclosures, backdooring, psyops, and propaganda.\n\nChris Kubecka, CEO and Founder of HypaSec, Anastasiia Voitova, security software engineer at Cossack Labs, and Peter van den Heuvel, Security analyst from Saxion, are joining us to share their stories.\n\nhttps://twitter.com/SecEvangelism\nhttps://twitter.com/vixentael\nhttps://twitter.com/pvdheuvel_\nhttps://twitter.com/KirilsSolovjovs","original_language":"eng","persons":["Kirils Solovjovs"],"tags":["mch2022","245","2022","MCH2022 Curated content"],"view_count":382,"promoted":false,"date":"2022-07-25T14:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-17T16:00:09.308+01:00","length":5064,"duration":5064,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/245-5a2aaca0-1bd5-5a1d-88f4-3bee317b7247.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/245-5a2aaca0-1bd5-5a1d-88f4-3bee317b7247_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/245-5a2aaca0-1bd5-5a1d-88f4-3bee317b7247.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/245-5a2aaca0-1bd5-5a1d-88f4-3bee317b7247.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-245-the-war-in-ukraine-cyberfront","url":"https://api.media.ccc.de/public/events/5a2aaca0-1bd5-5a1d-88f4-3bee317b7247","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"92c8db93-4f4e-5942-be8d-3daf6031f000","title":"First Privacy, Now Safety:","subtitle":"An Anthology of Tales from the Front Lines of Cyber Physical Security","slug":"mch2022-27-first-privacy-now-safety-an-anthology-of-tales-from-the-front-lines-of-cyber-physical-security","link":"https://program.mch2022.org/mch2022/talk/QYAUZT/","description":"As of today, most discussions on cyber security focus on privacy and the implications of incidents involving data. However, those of us in cyber physical security often see things differently as we study actors attempting to use computers to impact the physical world (e.g. critical infrastructure and industrial controls). Geopolitical conflicts and accessible offensive security tools make defending against these threats increasingly complex. The anthology I bring for you illustrates the evolution of cyber physical threats through several stories with topics that span from non-fiction espionage and crime thrillers to politically-motivated intrusions and master tinkerers’ ill-fated creations. By focusing on the different players involved and their motivations, I intend not to hype up the scenario, but instead to accurately describe what we observe daily in the cyber physical threat intelligence community.\r\n\r\n“First Privacy, Now Safety: An Anthology of Tales from the Front Lines of Cyber Physical Security” will consist of a series of real stories to illustrate the evolution of cyber physical threats related to topics that span from non-fiction espionage and crime thrillers to politically-motivated intrusions and master tinkerers’ ill-fated creations. The selection of topics results from my personal experience as a member of the cyber threat intelligence community in Washington, D.C. with a very pacifist perspective of life. Some example stories include:\r\n\r\n•\tThe Unwilling Pawn – How our infrastructure gets swept up in geopolitical conflicts\r\n•\tEverybody Be Cool, This is a Robbery! – How criminals can make more money by getting physical.\r\n•\tWhat if I Click Here? – Errant tales from hackers learning about cyber physical systems. (And sometimes erring in the process). \r\n\r\nAll of the stories I will talk about can be verified by the audience in open sources and specialized publications, although they may not appear in any popular books or videos until a couple years from now.","original_language":"eng","persons":["Daniel Kapellmann Zafra"],"tags":["mch2022","27","2022","MCH2022 Curated content"],"view_count":100,"promoted":false,"date":"2022-07-25T13:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-09-01T21:45:03.587+02:00","length":2572,"duration":2572,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/27-92c8db93-4f4e-5942-be8d-3daf6031f000.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/27-92c8db93-4f4e-5942-be8d-3daf6031f000_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/27-92c8db93-4f4e-5942-be8d-3daf6031f000.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/27-92c8db93-4f4e-5942-be8d-3daf6031f000.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-27-first-privacy-now-safety-an-anthology-of-tales-from-the-front-lines-of-cyber-physical-security","url":"https://api.media.ccc.de/public/events/92c8db93-4f4e-5942-be8d-3daf6031f000","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"d7aa6628-8e46-5771-bbac-b056a0d63209","title":"TIC-80 byte jam","subtitle":null,"slug":"mch2022-226-tic-80-byte-jam","link":"https://program.mch2022.org/mch2022/talk/PG8QBM/","description":"TIC-80 fantasy console Byte Jam is a friendly competition to livecode a demo in a relaxed atmosphere. This can take an hour or more depending on the inspiration and time needed of the participants. You could follow the suggested random chosen topic or do your own thing.\n\nTIC-80 fantasy console Byte Jam is a friendly competition to livecode a demo in a relaxed atmosphere. This can take an hour or more depending on the inspiration and time needed of the participants. You could follow the suggested random chosen topic or do your own thing. \n\nTIC-80 is a fantasy console with limited resources like 240x136 pixels display, 16 color palette, 256 8x8 color sprites, 4 channel sound , etc. This gives the TIC-80 a very retro look and feel.\n\nThis byte jam is a good representation of the demoscene, where coders/hackers with very limited resources in hard or software make stunning audio and visual effects. In Europe the demoscene got status of cultural heritage in Finland, Germany and Polen and requested for Netherlands and other countries. \n\nIf you want to join this TIC-80 byte jam add you name to this wiki page : https://wiki.mch2022.org/Projects:Demoparty","original_language":"eng","persons":["Anne Jan Brouwer","Dave Borghuis","Superogue","Blossom","Lynn","io"],"tags":["mch2022","226","2022","MCH2022 Curated content"],"view_count":310,"promoted":false,"date":"2022-07-24T00:30:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-12-28T10:15:09.368+01:00","length":5370,"duration":5370,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/226-d7aa6628-8e46-5771-bbac-b056a0d63209.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/226-d7aa6628-8e46-5771-bbac-b056a0d63209_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/226-d7aa6628-8e46-5771-bbac-b056a0d63209.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/226-d7aa6628-8e46-5771-bbac-b056a0d63209.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-226-tic-80-byte-jam","url":"https://api.media.ccc.de/public/events/d7aa6628-8e46-5771-bbac-b056a0d63209","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"48843063-0bce-5bbc-9f63-a0596e378dd4","title":"Fault Injection on a modern multicore System on Chip","subtitle":null,"slug":"mch2022-279-fault-injection-on-a-modern-multicore-system-on-chip","link":"https://program.mch2022.org/mch2022/talk/9NZHED/","description":"Hardware attacks on security relevant components, such as fault injection, have been known for decades and have been shown to be successful on a wide range of devices ranging from general purpose microcontrollers to dedicated security engines. In this work we give an overview of different methods used for fault injection and the effectiveness of these methods. We discuss electromagnetic fault injection in more detail. Most of the published research focuses on attacking low performance secure devices. However, we present the results of electromagnetic fault injection on a modern multicore system on chip running at gigahertz speed and discuss its effectiveness.\n\nIn this presentation we discuss hardware attacks in general, their use cases, and real-world examples. We then discuss electromagnetic fault injection in detail. We compare the results of the previous research on microcontrollers and secure elements to more modern high performance system on chip devices. We discuss relevant features of modern Arm systems on chip and answer the two main questions of this research. Are electromagnetic fault injection attacks applicable and efficient when applied to software running at gigahertz speed on a modern multicore system on a chip? And to what extent does the operating frequency change the effectiveness of electromagnetic fault injection attacks?","original_language":"eng","persons":["Sergei Volokitin","Ronan Loftus"],"tags":["mch2022","279","2022","MCH2022 Curated content"],"view_count":276,"promoted":false,"date":"2022-07-24T23:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-18T10:15:05.381+01:00","length":3085,"duration":3085,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/279-48843063-0bce-5bbc-9f63-a0596e378dd4.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/279-48843063-0bce-5bbc-9f63-a0596e378dd4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/279-48843063-0bce-5bbc-9f63-a0596e378dd4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/279-48843063-0bce-5bbc-9f63-a0596e378dd4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-279-fault-injection-on-a-modern-multicore-system-on-chip","url":"https://api.media.ccc.de/public/events/48843063-0bce-5bbc-9f63-a0596e378dd4","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"dc0fe8c9-443d-5873-91ee-cca74db67c80","title":"How do GPS/Galileo really work \u0026 how the galmon.eu monitors all navigation satellites","subtitle":null,"slug":"mch2022-17-how-do-gps-galileo-really-work-how-the-galmon-eu-monitors-all-navigation-satellites","link":"https://program.mch2022.org/mch2022/talk/QTUAXG/","description":"The whole world depends on Global Navigation Satellite Systems like GPS, Galileo, BeiDou and GLONASS. The technology behind these systems is fascinating and far more interested than generally presented. Although GNSS is super important, up to recently no good monitoring was publicly available. The \"galmon.eu\" project changed this.\n\nIn this talk I cover:\n\n  * How your phone really figures out where it is (so it can sell more expensive ads)\n    * How the \"satellite ephemeris\" is broadcast, what it means\n  * What is really in this 'assisted GPS'?\n  * The extensive ground infrastructure that is active 24/7 to determine the satellite orbits so GNSS is precise enough to tell which store you are in, or which side of the road you are driving on\n  * How GNSS are monitored in public by 100 Galmon.eu volunteers, running open source receivers all over the world\n     * And the research we enable\n  * Discussion of suitable hardware and GNSS-SDR that allows hackers to see each and every bit coming from the satellites\n  * A brief part on how GNSS can be spoofed and jammed, and the odd cryptography used to help detect or prevent this\n\nThe goal of this presentation is to expose the fascinating reality behind that little circle on your maps app, but also to explain how vulnerable this system is, which is why we need to monitor it closely.\n\nThe whole world depends on Global Navigation Satellite Systems like GPS, Galileo, BeiDou and GLONASS. The technology behind these systems is fascinating and far more interested than generally presented. Although GNSS is super important, up to recently no good monitoring was publicly available. The \"galmon.eu\" project changed this.\n\nIn this talk I cover:\n\n  * How your phone really figures out where it is (so it can sell more expensive ads)\n    * How the \"satellite ephemeris\" is broadcast, what it means\n  * What is really in this 'assisted GPS'?\n  * The extensive ground infrastructure that is active 24/7 to determine the satellite orbits so GNSS is precise enough to tell which store you are in, or which side of the road you are driving on\n  * How GNSS are monitored in public by 100 Galmon.eu volunteers, running open source receivers all over the world\n     * And the research we enable\n  * Discussion of suitable hardware and GNSS-SDR that allows hackers to see each and every bit coming from the satellites\n  * A brief part on how GNSS can be spoofed and jammed, and the odd cryptography used to help detect or prevent this\n\nThe goal of this presentation is to expose the fascinating reality behind that little circle on your maps app, but also to explain how vulnerable this system is, which is why we need to monitor it closely.","original_language":"eng","persons":["bert hubert"],"tags":["mch2022","17","2022","MCH2022 Curated content"],"view_count":3969,"promoted":false,"date":"2022-07-26T13:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-24T18:45:05.375+01:00","length":2966,"duration":2966,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/17-dc0fe8c9-443d-5873-91ee-cca74db67c80.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/17-dc0fe8c9-443d-5873-91ee-cca74db67c80_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/17-dc0fe8c9-443d-5873-91ee-cca74db67c80.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/17-dc0fe8c9-443d-5873-91ee-cca74db67c80.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-17-how-do-gps-galileo-really-work-how-the-galmon-eu-monitors-all-navigation-satellites","url":"https://api.media.ccc.de/public/events/dc0fe8c9-443d-5873-91ee-cca74db67c80","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"826517eb-8950-5fe1-a7d7-345a7c0b7a8b","title":"It's not just stalkerware","subtitle":null,"slug":"mch2022-258-it-s-not-just-stalkerware","link":"https://program.mch2022.org/mch2022/talk/THP7HG/","description":"Stalking is unwanted and/or repeated surveillance by an individual or group toward another person. But what is the impact of tech companies making it easier to do this with the development of technology? In the news, we hear about the increase in stalkerware found on devices or scary government spyware. But it’s not just that, there are so many more common tools used by stalkers.\n\nFrom September 2020 to May 2021, the number of devices infected with stalkerware increased by 63 percent, according to a study by Norton Labs. But stalkerware is not what I encounter most when I get contacted by stalking victims. Almost anyone can become a victim of stalking; stalkers do not just target celebrities. Sometimes they are ex-partners known to the victim, other times they may be a casual acquaintance, or just a simple stranger. With stalkerware, the actor needs access to the device or needs to persuade the victim to install something. In cases where the stalker is a (ex-)partner, that might be doable. But in other cases, it is easier to gain access to the accounts of the victim, gather information about the victim from social media, or use tracking devices (looking at you Apple and Tile) to follow the victim. Tech companies develop new apps and gadgets seemingly without thinking about other ways these can be used. And they end up making it easier to stalk someone. But what can we do about this problem? Should we lower efforts hunting stalkerware and help victims gather evidence? Or can we do something else.","original_language":"eng","persons":["Chantal Stekelenburg"],"tags":["mch2022","258","2022","MCH2022 Curated content"],"view_count":279,"promoted":false,"date":"2022-07-23T15:40:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-12-14T23:15:07.540+01:00","length":1557,"duration":1557,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/258-826517eb-8950-5fe1-a7d7-345a7c0b7a8b.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/258-826517eb-8950-5fe1-a7d7-345a7c0b7a8b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/258-826517eb-8950-5fe1-a7d7-345a7c0b7a8b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/258-826517eb-8950-5fe1-a7d7-345a7c0b7a8b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-258-it-s-not-just-stalkerware","url":"https://api.media.ccc.de/public/events/826517eb-8950-5fe1-a7d7-345a7c0b7a8b","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"789658a2-07ac-5338-bfbb-4adf7e608279","title":"What can AI learn from your face?","subtitle":"The making of HowNormalAmI.eu","slug":"mch2022-92-what-can-ai-learn-from-your-face-the-making-of-hownormalami-eu","link":"https://program.mch2022.org/mch2022/talk/TKPHQJ/","description":"HowNormalAmI.eu is an interactive documentary that showcases how algorithms judge your beauty, age, gender, weight, life expectancy and emotions by simply looking at your face. The project not only shows how face recognition technology is entering our everyday lives, but it lets you experience these judgements yourself in a safe and privacy friendly way.\r\n\r\nThis talk will zoom in on one algorithm that tries to deduce your Body Mass Index (BMI). The 'making of' will discuss the ethical questions it raised, the dubious science behind it, the dodgy data sources, and the surprising companies that are playing around with this technology.\r\n\r\nHowNormalAmI.eu is an interactive documentary that showcases how algorithms judge your beauty, age, gender, weight, life expectancy and emotions by simply looking at your face. The project not only shows how face recognition technology is entering our everyday lives, but it lets you experience these judgements yourself in a safe and privacy friendly way.\r\n\r\nDutch artist Tijmen Schep has created this interactive experience to reveal how we are increasingly being judged on our face. For example, dating websites like Tinder uses beauty scoring algorithms to match people who are about equally attractive. Services like HireVue claims to find the optimal job applicants based on their 'micro expressions'.\r\n\r\nThis talk will zoom in on one algorithm that tries to deduce your Body Mass Index (BMI) from your face. The 'making of' will discuss the ethical questions it raised, the dubious science behind it, the dodgy data sources, and the surprising companies that are playing around with this technology.\r\n\r\nSince its launch in september of 2020 the project has been viewed over 185.000 times. If you want to find out if you're more attractive than the Spice girls, make sure you visit www.hownormalami.eu","original_language":"eng","persons":["Tijmen Schep"],"tags":["mch2022","92","2022","MCH2022 Curated content"],"view_count":159,"promoted":false,"date":"2022-07-26T11:40:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-02-15T22:45:11.006+01:00","length":1839,"duration":1839,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/92-789658a2-07ac-5338-bfbb-4adf7e608279.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/92-789658a2-07ac-5338-bfbb-4adf7e608279_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/92-789658a2-07ac-5338-bfbb-4adf7e608279.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/92-789658a2-07ac-5338-bfbb-4adf7e608279.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-92-what-can-ai-learn-from-your-face-the-making-of-hownormalami-eu","url":"https://api.media.ccc.de/public/events/789658a2-07ac-5338-bfbb-4adf7e608279","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"e25fe48f-efd5-5c96-9126-af54846c1d36","title":"UBports: Imagine a phone that does everything you expect and nothing you don't.","subtitle":null,"slug":"mch2022-124-ubports-imagine-a-phone-that-does-everything-you-expect-and-nothing-you-don-t-","link":"https://program.mch2022.org/mch2022/talk/HR9XSQ/","description":"This talk explains what the UBports Foundation does: managing the Ubuntu Touch OS for mobile devices. The challenges, the why, what and how.\n\nThe world needs another phone OS. With more focus on privacy. \nAnd the Ubuntu Touch OS tries to be the best in the field of open source OS's for mobile devices.\nIn this talk we tell you why.\nWe tell you about our challenges and how we try to solve them.\nThis means we tell you the \"what\"\nWhat is VoLTE and why do we need it in an open source phone OS?\nAnd we tell you the \"how\"\nHow are we working on VoLTE support in Ubuntu Touch?\nHow is knowledge management organized?\nHow do we develop software?\nHow are devices supported?\n\nThe world needs another phone OS. With more focus on privacy. \nAnd the Ubuntu Touch OS tries to be the best in the field of open source OS's for mobile devices.\nIn this talk we tell you why.\nWe tell you about our challenges and how we try to solve them.\nThis means we tell you the \"what\".\nFor example: What is VoLTE and why do we need it in an open source phone OS?\nAnd we tell you the \"how\"\nHow are we working on VoLTE support in Ubuntu Touch?\nHow is knowledge management organized?\nHow do we develop software?\nHow are devices supported?","original_language":"eng","persons":["Jeroen Baten"],"tags":["mch2022","124","2022","MCH2022 Curated content"],"view_count":350,"promoted":false,"date":"2022-07-24T16:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-31T19:45:05.597+02:00","length":2626,"duration":2626,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/124-e25fe48f-efd5-5c96-9126-af54846c1d36.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/124-e25fe48f-efd5-5c96-9126-af54846c1d36_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/124-e25fe48f-efd5-5c96-9126-af54846c1d36.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/124-e25fe48f-efd5-5c96-9126-af54846c1d36.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-124-ubports-imagine-a-phone-that-does-everything-you-expect-and-nothing-you-don-t-","url":"https://api.media.ccc.de/public/events/e25fe48f-efd5-5c96-9126-af54846c1d36","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"036bf7a5-70a6-5847-86df-ae7d9ea901fc","title":"Scientist Rebellion","subtitle":null,"slug":"mch2022-302-scientist-rebellion","link":"https://program.mch2022.org/mch2022/talk/9LZJYH/","description":"I present background, rationale and future plans of Scientist Rebellion, a growing international group of currently over a thousand scientists venturing into civil disobedience since writing more papers about the climate emergency does not yield the needed political sense of urgency and actions.\n\nI'll present Scientist Rebellion, an international group of scientists taking the scientific view of the climate emergency seriously, stepping away from writing yet another paper giving the same warnings and venturing into civil disobedience.\n\nWe've had worldwide (27 countries) actions and growing rapidly, as more scientists feel the necessity for society to do more (not just throwing more money at companies when they promise to be less polluting, but strict laws preventing such pollution levels).\n\nDutch site: https://www.scientistrebellion.nl/\n\nInternational site: https://scientistrebellion.com/","original_language":"eng","persons":["Elwin Oost"],"tags":["mch2022","302","2022","MCH2022 Curated content"],"view_count":135,"promoted":false,"date":"2022-07-24T18:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2025-07-16T20:15:03.386+02:00","length":2893,"duration":2893,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/302-036bf7a5-70a6-5847-86df-ae7d9ea901fc.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/302-036bf7a5-70a6-5847-86df-ae7d9ea901fc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/302-036bf7a5-70a6-5847-86df-ae7d9ea901fc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/302-036bf7a5-70a6-5847-86df-ae7d9ea901fc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-302-scientist-rebellion","url":"https://api.media.ccc.de/public/events/036bf7a5-70a6-5847-86df-ae7d9ea901fc","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"37edc8f7-2978-5df4-ae38-ee6a38e17872","title":"How to Secure the Software Supply Chain","subtitle":null,"slug":"mch2022-230-how-to-secure-the-software-supply-chain","link":"https://program.mch2022.org/mch2022/talk/VWGMEH/","description":"Open source code makes up 90% of most codebases. How do you know if you can trust your open source dependencies? Do you know what’s really going on in your node_modules folder? It is critical to manage your dependencies effectively to reduce risk but most teams have an ad-hoc process where any developer can introduce dependencies. Software supply chain attacks have exploded over the past 12 months and they’re only accelerating in 2022. We’ll dive into examples of recent supply chain attacks targeting the JavaScript, Node.js, and npm ecosystems, as well as concrete steps you can take to protect your apps, projects, and teams from this emerging threat.\n\nOpen source code makes up 90% of most codebases. How do you know if you can trust your open source dependencies? Do you know what’s really going on in your node_modules folder? It is critical to manage your dependencies effectively to reduce risk but most teams have an ad-hoc process where any developer can introduce dependencies. Software supply chain attacks have exploded over the past 12 months and they’re only accelerating in 2022. We’ll dive into examples of recent supply chain attacks targeting the Node.js, JavaScript, and npm ecosystems, as well as concrete steps you can take to protect your apps, projects, and teams from this emerging threat.\n\nTakeaways for this talk:\n\n1. Understand the scope of the supply chain threats against the open source ecosystem, specifically with a focus on JavaScript, Node.js, and npm.\n\n2. Review of our work to audit every open source package on npm to detect the following types of attacks: malware, typo-squats, hidden code, misleading packages, permission creep\n\n3. Specific examples and code walk-throughs of actual malware that was found on npm\n\n4. Discussion of existing methods and tools for detecting supply chain attacks against open source, including limitations\n\n5. Introduction of new open source tool which helps detect supply chain attacks in real-time","original_language":"eng","persons":["Feross Aboukhadijeh"],"tags":["mch2022","230","2022","MCH2022 Curated content"],"view_count":244,"promoted":false,"date":"2022-07-26T10:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-10-24T09:45:03.125+02:00","length":2836,"duration":2836,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/230-37edc8f7-2978-5df4-ae38-ee6a38e17872.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/230-37edc8f7-2978-5df4-ae38-ee6a38e17872_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/230-37edc8f7-2978-5df4-ae38-ee6a38e17872.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/230-37edc8f7-2978-5df4-ae38-ee6a38e17872.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-230-how-to-secure-the-software-supply-chain","url":"https://api.media.ccc.de/public/events/37edc8f7-2978-5df4-ae38-ee6a38e17872","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"f60180da-2a52-5de3-ba11-b4ffc1c5fcb0","title":"Lightning Talks Saturday","subtitle":null,"slug":"mch2022-316-1-lightning-talks-saturday","link":"https://program.mch2022.org/mch2022/talk/BZ3Y7X/","description":"Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.\n\nLightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.","original_language":"eng","persons":[],"tags":["mch2022","316","2022","MCH2022 Curated content"],"view_count":257,"promoted":false,"date":"2022-07-23T15:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-08-06T06:45:03.169+02:00","length":2935,"duration":2935,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/316-f60180da-2a52-5de3-ba11-b4ffc1c5fcb0.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/316-f60180da-2a52-5de3-ba11-b4ffc1c5fcb0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/316-f60180da-2a52-5de3-ba11-b4ffc1c5fcb0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/316-f60180da-2a52-5de3-ba11-b4ffc1c5fcb0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-316-1-lightning-talks-saturday","url":"https://api.media.ccc.de/public/events/f60180da-2a52-5de3-ba11-b4ffc1c5fcb0","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"1b709c85-9bb6-5474-84ca-88304f566223","title":"What to do when someone close to you takes their life and you are not Tech-Savvy","subtitle":null,"slug":"mch2022-219-0-what-to-do-when-someone-close-to-you-takes-their-life-and-you-are-not-tech-savvy","link":"https://program.mch2022.org/mch2022/talk/7PZANM/","description":"My son Jurre and I got involved in helping less Tech-Savvy people find answers and recover precious data after someone close to them took their own life. This lecture describes our challenging and emotional journey as we hope to inspire others to follow our path.\n\n\u003ca href=\"https://www.flickr.com/photos/dvanzuijlekom/24004514008/in/album-72157687649725580/\"\u003ePicture of Jurre and Jilles\u003c/a\u003e by \u003ca href=\"https://www.flickr.com/photos/dvanzuijlekom/\"\u003eDennis van Zuijlekom\u003c/a\u003e is licensed under \u003ca href=\"https://creativecommons.org/licenses/by-sa/2.0/\"\u003eCC BY SA 2.0\u003c/a\u003e\n\nAfter several talks about Hardware Hacking this talk will be one on a more serious matter. After someone takes their life and the police closes their case, the next of kin may still have questions that are left  unanswered. This talk is about our journey from being nerds helping out with computer problems to specialists trying to help the next of kin find answers to questions they might still have. \n\nAnd as this talk will be hosted for computer specialist who spend quite some effort making sure they are protected from external threat ask yourself this question; Will your loved ones be able to control the infrastructure or even have access to the family photo's when you pass away?","original_language":"eng","persons":["Jilles Groenendijk","Jurre Groenendijk"],"tags":["mch2022","219","2022","MCH2022 Curated content"],"view_count":300,"promoted":false,"date":"2022-07-26T12:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-02-04T05:45:04.294+01:00","length":2014,"duration":2014,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/219-1b709c85-9bb6-5474-84ca-88304f566223.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/219-1b709c85-9bb6-5474-84ca-88304f566223_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/219-1b709c85-9bb6-5474-84ca-88304f566223.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/219-1b709c85-9bb6-5474-84ca-88304f566223.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-219-0-what-to-do-when-someone-close-to-you-takes-their-life-and-you-are-not-tech-savvy","url":"https://api.media.ccc.de/public/events/1b709c85-9bb6-5474-84ca-88304f566223","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"0901b529-870d-5995-92de-3272181d7117","title":"Hacking COVID: Hackers helping the government","subtitle":null,"slug":"mch2022-256-hacking-covid-hackers-helping-the-government","link":"https://program.mch2022.org/mch2022/talk/BVGYKQ/","description":"During the COVID19-pandemic the Netherlands turned to hackers to help them make digital solutions to fight the pandemic. Why was it? What does this do to a government body like ministry? What does this mean for privacy, security and the tech choices that are made?\n\nIn 2020, when the pandemic started, scientists suggested to also digitally support fighting the pandemic. One of the suggestions was digitally supported contact tracing. After first asking the market for solutions the Dutch Ministry of Health, Welfare and Sport decided to self build open, privacy friendly, secure and accessible solutions with help of a large open source community.\n\nWhen vaccinations became available and timeframes for building solutions were near impossible the next step was clear: get hackers involved. This isn’t just to stick to the values, but also to create solutions in ways that aren’t always common for governments. How do you hack processes and rules to create what some ministries called magic?\n\nThis talk will tell the inside hacker tale of the pandemic and show the dilemmas that were overcome. This is a story of hackers in a ministry at the heat of the moment.","original_language":"eng","persons":["Brenno de Winter","Ron Roozendaal"],"tags":["mch2022","256","2022","MCH2022 Curated content"],"view_count":279,"promoted":false,"date":"2022-07-24T14:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-11T15:00:11.611+01:00","length":2911,"duration":2911,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/256-0901b529-870d-5995-92de-3272181d7117.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/256-0901b529-870d-5995-92de-3272181d7117_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/256-0901b529-870d-5995-92de-3272181d7117.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/256-0901b529-870d-5995-92de-3272181d7117.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-256-hacking-covid-hackers-helping-the-government","url":"https://api.media.ccc.de/public/events/0901b529-870d-5995-92de-3272181d7117","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"e6db56d5-f259-5ffb-98c8-b6bd2f48d4a7","title":"illumos SmartOS, specialized Type 1 Hypervisor","subtitle":null,"slug":"mch2022-39-illumos-smartos-specialized-type-1-hypervisor","link":"https://program.mch2022.org/mch2022/talk/SNNLNX/","description":"Overview of **SmartOS** - an illumos based distribution with **focus of virtualization**. Must be named technologies used by SmartOS: ZFS, Crossbow, Zones, DTrace, Bhyve. The talk will show you the benefits of SmartOS; Configuration and management of SmartOS virtualization technologies; Tooling on top of SmartOS.\n\nSmartOS is a specialized Type 1 Hypervisor platform based on illumos.  It supports two types of virtualization:\n\n- OS Virtual Machines (Zones): A light-weight virtualization solution offering a complete and secure userland environment on a single global kernel, offering true bare metal performance and all the features illumos has, namely dynamic introspection via DTrace\n- Hardware Virtual Machines (KVM, Bhyve): A full virtualization solution for running a variety of guest OS's including Linux, Windows, *BSD, Plan9 and more\n\nVirtualization in SmartOS builds on top of the foundational illumos technologies inherited from OpenSolaris, namely:\n\n- ZFS for storage virtualization\n- Crossbow (dladm) for network virtualization\n- Zones for virtualization and containment\n- DTrace for introspection\n- SMF for service management\n- RBAC/BSM for auditing and role based security\n- And more","original_language":"eng","persons":["drscream"],"tags":["mch2022","39","2022","MCH2022 Curated content"],"view_count":199,"promoted":false,"date":"2022-07-25T23:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-14T23:30:07.228+01:00","length":1624,"duration":1624,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/39-e6db56d5-f259-5ffb-98c8-b6bd2f48d4a7.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/39-e6db56d5-f259-5ffb-98c8-b6bd2f48d4a7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/39-e6db56d5-f259-5ffb-98c8-b6bd2f48d4a7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/39-e6db56d5-f259-5ffb-98c8-b6bd2f48d4a7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-39-illumos-smartos-specialized-type-1-hypervisor","url":"https://api.media.ccc.de/public/events/e6db56d5-f259-5ffb-98c8-b6bd2f48d4a7","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"689c913c-4a9b-5afe-9c00-ceab1af64a54","title":"No Permissions Needed!","subtitle":null,"slug":"mch2022-90-no-permissions-needed-","link":"https://program.mch2022.org/mch2022/talk/DWWQAN/","description":"Data keeps flowing! In Android, we have the concept of permissions, users feel confident that only if they turn on the permission, their data is shared. But what about an app silently sitting on your device with no permission whatsoever! What can that app know about you?\n\nIn this talk, I'll talk about the Privacy Posture of Android!\nWhat kind of data is being collected, and how is it channelled and used? How does advertising work on mobile?\nCan your device be fingerprinted? What kind of privacy threats exists on Android?\nWe will learn about the permission model of Android and how permissions operate at the kernel level!\nThis shall be followed by a demo of an Android app, which needs no permission from the user. We will see what all information can be retrieved from your device, without any permission!","original_language":"eng","persons":["Aditi Bhatnagar"],"tags":["mch2022","90","2022","MCH2022 Curated content"],"view_count":208,"promoted":false,"date":"2022-07-26T14:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-02-18T06:00:03.262+01:00","length":1815,"duration":1815,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/90-689c913c-4a9b-5afe-9c00-ceab1af64a54.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/90-689c913c-4a9b-5afe-9c00-ceab1af64a54_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/90-689c913c-4a9b-5afe-9c00-ceab1af64a54.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/90-689c913c-4a9b-5afe-9c00-ceab1af64a54.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-90-no-permissions-needed-","url":"https://api.media.ccc.de/public/events/689c913c-4a9b-5afe-9c00-ceab1af64a54","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"c55fce25-4859-53a1-9e1f-baaec20be9ad","title":"IOT: International Outage Technology (Disclosure of DIVD-2022-00009)","subtitle":null,"slug":"mch2022-350-iot-international-outage-technology-disclosure-of-divd-2022-00009-","link":"https://program.mch2022.org/mch2022/talk/FEZFET/","description":"DIVD researcher Jelle (aka SchizoDuckie) has a hobby. He likes to find credentials in places where they don't belong, like GitHub and Postman. And this hobby has gotten him into many places he should not have, like the Dutch Tax office and many larger company.\n\nBut, in February 2022 he found an account with an even bigger reach, an account who's abuse could mean trouble for our national critical infrastructure. His simple GitHub query uncovered a secret that could switch off a country, now what...\n\nWhile Jelle is enjoying his vacation his DIVD colleagues, Chris van 't Hof, Célistine Oosting and Frank Breedijk,  will present the story of one of the more significant vulnerabilities discovered by DIVD this year. The long windy but mostly slow and silent road to disclosure and remediation and how mitigation did not take away all the risks.\nThis talk digs into the, up to this point, untold story of case DIVD-2022-00009 and will include numbers \"Doc\" Brown will jealous of.","original_language":"eng","persons":["Frank Breedijk"],"tags":["mch2022","350","2022","MCH2022 Curated content"],"view_count":896,"promoted":false,"date":"2022-07-24T12:40:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-07T11:45:06.348+01:00","length":1119,"duration":1119,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/350-c55fce25-4859-53a1-9e1f-baaec20be9ad.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/350-c55fce25-4859-53a1-9e1f-baaec20be9ad_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/350-c55fce25-4859-53a1-9e1f-baaec20be9ad.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/350-c55fce25-4859-53a1-9e1f-baaec20be9ad.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-350-iot-international-outage-technology-disclosure-of-divd-2022-00009-","url":"https://api.media.ccc.de/public/events/c55fce25-4859-53a1-9e1f-baaec20be9ad","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"1bc6200d-7557-57a5-a874-8175c76c5384","title":"Running a Domain Registrar for Fun and (some) Profit","subtitle":null,"slug":"mch2022-289-running-a-domain-registrar-for-fun-and-some-profit","link":"https://program.mch2022.org/mch2022/talk/RETGE7/","description":"Ever wondered what happens behind the scenes when you click buy on that domain for a new side project that'll definitely happen (you will get to it eventually, right)? Well this is the talk for you! We'll cover all the extremely cursed details of how exactly one sells and manages a domain, the standards for this (or lack thereof), and some pointers for how you could get started managing your own domains directly, if you're not completely put off by this talk's contents.\n\nBack at the start of lockdown in 2020 I think we where all a bit bored at home with not much to do; well, me and a friend decided it would be a good idea to start a domain registrar (big mistake, big, huge). This is the tale of how that went, what we learn, and why you might not want to do it yourself. \n\nWe'll cover the technical aspects of how a domain is actually managed by your registrar, touch on the absolutely crazy business structures of the domain world with the likes of ICANN and friends, and how we ended up in this situation. Some of the standards are extremely cursed, some are extremely old, most are both. We'll also cover more recent developments in the domain space, such as the move from WHOIS to RDAP, and improvements in DNSSEC deployment.\n\nAnd finally after all that if you decide that somehow this is something you want more of in your life we'll give some pointers for how one might setup their own registrar, especially if they want to take greater control of their own domains, or just have some fun.","original_language":"eng","persons":["Q Misell"],"tags":["mch2022","289","2022","MCH2022 Curated content"],"view_count":3173,"promoted":false,"date":"2022-07-23T10:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-31T10:30:05.824+02:00","length":3041,"duration":3041,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/289-1bc6200d-7557-57a5-a874-8175c76c5384.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/289-1bc6200d-7557-57a5-a874-8175c76c5384_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/289-1bc6200d-7557-57a5-a874-8175c76c5384.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/289-1bc6200d-7557-57a5-a874-8175c76c5384.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-289-running-a-domain-registrar-for-fun-and-some-profit","url":"https://api.media.ccc.de/public/events/1bc6200d-7557-57a5-a874-8175c76c5384","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"f9e115c1-6da6-5f35-b9b4-9f95f8e49e58","title":"Hacking the genome: how does it work, and should we?","subtitle":null,"slug":"mch2022-16-hacking-the-genome-how-does-it-work-and-should-we-","link":"https://program.mch2022.org/mch2022/talk/Y898KK/","description":"Building on the very well attended DNA presentations (\"DNA: The Code Of Life\") at SHA2017, this talk will cover:\n\n * A brief recap what DNA is and how it works\n   * It is surprisingly digital!\n * How reading DNA is within 'pro-sumer' reach now\n   * (I might bring a live demo for after the talk)\n * An overview of DNA editing technologies (offline, and online: on living organisms)\n    * Including the famous CRISPR-CAS, but also newer variants\n * How does such editing actually work in a lab?\n * The surprising lack of a definitive link between most DNA mutations and any effect\n * Could you hack your DNA? Will people start doing this?\n   * Should we try to stop them?\n * Wild speculation on what this might mean for the future\n\nThe goal of this presentation is to provide real non-hyped information on what DNA editing is and what it might achieve. And since we are hackers, I hope to explain how a hackerspace could start reading DNA right now with USB-powered hardware. And finally, since no hacker can resist tinkering: could you hack your own genome, or your cat's, or improve on your favorite plant?\n\nBuilding on the very well attended DNA presentations (\"DNA: The Code Of Life\") at SHA2017, this talk will cover:\n\n * A brief recap what DNA is and how it works\n   * It is surprisingly digital!\n * How reading DNA is within 'pro-sumer' reach now\n   * (I might bring a live demo for after the talk)\n * An overview of DNA editing technologies (offline, and online: on living organisms)\n    * Including the famous CRISPR-CAS, but also newer variants\n * How does such editing actually work in a lab?\n * The surprising lack of a definitive link between most DNA mutations and any effect\n * Could you hack your DNA? Will people start doing this?\n   * Should we try to stop them?\n * Wild speculation on what this might mean for the future\n\nThe goal of this presentation is to provide real non-hyped information on what DNA editing is and what it might achieve. And since we are hackers, I hope to explain how a hackerspace could start reading DNA right now with USB-powered hardware. And finally, since no hacker can resist tinkering: could you hack your own genome, or your cat's, or improve on your favorite plant?","original_language":"eng","persons":["bert hubert"],"tags":["mch2022","16","2022","MCH2022 Curated content"],"view_count":1435,"promoted":false,"date":"2022-07-22T20:40:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2026-03-28T13:15:07.006+01:00","length":2947,"duration":2947,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/16-f9e115c1-6da6-5f35-b9b4-9f95f8e49e58.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/16-f9e115c1-6da6-5f35-b9b4-9f95f8e49e58_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/16-f9e115c1-6da6-5f35-b9b4-9f95f8e49e58.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/16-f9e115c1-6da6-5f35-b9b4-9f95f8e49e58.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-16-hacking-the-genome-how-does-it-work-and-should-we-","url":"https://api.media.ccc.de/public/events/f9e115c1-6da6-5f35-b9b4-9f95f8e49e58","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"f77cc2ec-df99-5804-a8da-1dabbb7e09fe","title":"Lightning Talks Friday","subtitle":null,"slug":"mch2022-315-lightning-talks-friday","link":"https://program.mch2022.org/mch2022/talk/G9ZWRZ/","description":"Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.\n\nLightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.","original_language":"eng","persons":[],"tags":["mch2022","315","2022","MCH2022 Curated content"],"view_count":193,"promoted":false,"date":"2022-07-22T19:00:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2025-11-04T12:00:05.539+01:00","length":2182,"duration":2182,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/315-f77cc2ec-df99-5804-a8da-1dabbb7e09fe.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/315-f77cc2ec-df99-5804-a8da-1dabbb7e09fe_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/315-f77cc2ec-df99-5804-a8da-1dabbb7e09fe.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/315-f77cc2ec-df99-5804-a8da-1dabbb7e09fe.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-315-lightning-talks-friday","url":"https://api.media.ccc.de/public/events/f77cc2ec-df99-5804-a8da-1dabbb7e09fe","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"11dca000-b5f0-5ff3-96c0-d5f7c65569c8","title":"Cryptography is easy, but no magic. Use it. Wisely.","subtitle":null,"slug":"mch2022-231-0-cryptography-is-easy-but-no-magic-use-it-wisely-","link":"https://program.mch2022.org/mch2022/talk/S7GEZF/","description":"Using cryptography can give you easy assurances, keep data confidential and keep prying eyes from stuff where they should not be.\n\nHowever it's not magic.\nThis talk is intended for programmers, users and software designers.\n\nThis talk is about hardcore mathematics while you should not have to understand what the mathematics are but what they do.\n\nWhat does cryptography do: encrypt, decrypt, sign and verify.\nHow are certificates used in cryptogaphy and why are they totally not a magical thing.\n\nIt covers what cool hardware is available, open design and open source, hardware tokens and how to use TPM for cool features.\n\nAnd last but not least: it contains best practices and warnings. After this talk you might be able to see what's snakeoil and what is real.\n\n== NFT's are a scam. If you are into crypto-bullshit please stay away. ==\n\nCryptography seems like magic anytime you at first look at it.\nIn the past years I have been helping a lot of projects and customers with my more-than-basic knowledge about applied cryptography.\n\nI'll talk about:\n* What is cryptography (basic math)\n  - encryption\n  - decryption\n  - digital signatures\n  - digital signature verification\n* What can it do for you?\n  - Deliver security\n  - Deliver privacy\n  - Deliver dataloss\n* When to use encryption\n  - what cryptography do you want to build (hint: none)\n  - what cryptography do you want to use (a- or symetrical encryption).\n  - how do you do key management\n  - where to find the best practices\n* About hardware\n  - Provide security\n  - Provide speed\n  - HSM, TPM, processor and other acceleration\n* Standards\n  - The good, the bad, the ugly\n  - Old ones\n  - New ones\n  - Very special ones\n* Limitations and workarounds\n* Software\n  - How to avoid OpenSSL\n* This all in random() order. Random = 4","original_language":"eng","persons":["Lord BugBlue"],"tags":["mch2022","231","2022","MCH2022 Curated content"],"view_count":513,"promoted":false,"date":"2022-07-26T14:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-04-02T11:45:06.356+02:00","length":1706,"duration":1706,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/231-11dca000-b5f0-5ff3-96c0-d5f7c65569c8.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/231-11dca000-b5f0-5ff3-96c0-d5f7c65569c8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/231-11dca000-b5f0-5ff3-96c0-d5f7c65569c8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/231-11dca000-b5f0-5ff3-96c0-d5f7c65569c8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-231-0-cryptography-is-easy-but-no-magic-use-it-wisely-","url":"https://api.media.ccc.de/public/events/11dca000-b5f0-5ff3-96c0-d5f7c65569c8","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"caa5c240-1d39-53e4-ba09-60ad31868c60","title":"The tooling ecosystem that adds joy to KiCad","subtitle":null,"slug":"mch2022-332-the-tooling-ecosystem-that-adds-joy-to-kicad","link":"https://program.mch2022.org/mch2022/talk/T8XRKC/","description":"A number of people have built wonderful and useful tools to make the life of KiCad users easier. cpresser and Kliment are here to give you a tour of a number of the most useful addons, and show you what they're good for and how they can improve your life.\n\nWe will go through a number of tools that people have built into the KiCad ecosystem - you may have used some of them, but a surprising number of KiCad users aren't aware they exist. We're here to fix that. We'll show you how to make your boards have fancy labels, how to get an interactive assembly guide for your designs, how to easily pack a bunch of boards in a production panel, how to automatically generate footprints, how to make your PCBs fit the real world, how to not repeat your effort when making lots of the same circuit, and how to not make terrible mistakes and lose your work. It will be a wild tour, but you'll have much more fun with your PCB design work afterwards.","original_language":"eng","persons":["Kliment","cpresser"],"tags":["mch2022","332","2022","MCH2022 Curated content"],"view_count":4597,"promoted":false,"date":"2022-07-22T22:40:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2026-04-01T09:30:04.947+02:00","length":1722,"duration":1722,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/332-caa5c240-1d39-53e4-ba09-60ad31868c60.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/332-caa5c240-1d39-53e4-ba09-60ad31868c60_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/332-caa5c240-1d39-53e4-ba09-60ad31868c60.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/332-caa5c240-1d39-53e4-ba09-60ad31868c60.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-332-the-tooling-ecosystem-that-adds-joy-to-kicad","url":"https://api.media.ccc.de/public/events/caa5c240-1d39-53e4-ba09-60ad31868c60","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"708f89fe-1371-5072-b27f-546db3caf586","title":"Project TEMPA - Demystifying Tesla's Bluetooth Passive Entry System","subtitle":null,"slug":"mch2022-235-project-tempa-demystifying-tesla-s-bluetooth-passive-entry-system","link":"https://program.mch2022.org/mch2022/talk/DCTJDE/","description":"The security of Tesla's cars has been a hot topic in recent months. In addition to being one of the safest cars on the road, it is also well-protected from hacks and attacks. But how does Tesla make sure their vehicles are safe and secure? \n\nThis case study sheds light on the inner workings of Tesla's Passive Entry System and core VCSEC protocol, and reveals possible attack vectors.\n\nThe security of Tesla's cars has been a hot topic in recent months. In addition to being one of the safest cars on the road, it is also well-protected from hacks and attacks. But how does Tesla make sure their vehicles are safe and secure?\n\nTesla is a company that has been innovating in the automobile industry for many years. They have been designing and manufacturing electric vehicles which are environmentally friendly and sustainable. Tesla has also been pioneering and implementing new technologies in the automotive industry. One of these innovations is their Bluetooth interface which is used for locking and unlocking vehicles and can be used to uniquely identify cars, as well as to track them in real-time with apps like \"Tesla Radar\".\n\nThe introduction of Tesla's Bluetooth passive entry system, previously only used by model 3 and model y, into new product lines like the Tesla 2021 Model S/X facelift variant, shows the strategic importance of this technology for Tesla in the years to come.\n\nThis case study sheds light on the inner workings of Tesla's Passive Entry System and core VCSEC protocol, and reveals possible attack vectors.","original_language":"eng","persons":["Martin Herfurt"],"tags":["mch2022","235","2022","MCH2022 Curated content"],"view_count":500,"promoted":false,"date":"2022-07-25T16:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-01-04T22:45:24.961+01:00","length":3071,"duration":3071,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/235-708f89fe-1371-5072-b27f-546db3caf586.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/235-708f89fe-1371-5072-b27f-546db3caf586_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/235-708f89fe-1371-5072-b27f-546db3caf586.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/235-708f89fe-1371-5072-b27f-546db3caf586.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-235-project-tempa-demystifying-tesla-s-bluetooth-passive-entry-system","url":"https://api.media.ccc.de/public/events/708f89fe-1371-5072-b27f-546db3caf586","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"347d07f3-e195-5090-9b27-536b567cb14e","title":"Single Sign-On: A Hacker's Perspective","subtitle":null,"slug":"mch2022-201-single-sign-on-a-hacker-s-perspective","link":"https://program.mch2022.org/mch2022/talk/MTTAXV/","description":"This talk gives an introduction in how single sign-on protocols (such as SAML, OAuth 2, and Open ID Connect) work. Subsequently, I will talk about the most commonly found vulnerabilities in these protocols. Finally, I will show various ways to resolve these vulnerabilities.\n\nSingle sign-on remains a hot topic in 2022. Many organisations are in the process of moving identity management and authentication out of of their application, and offload it to an identity provider. By doing so, application owners hope to avoid the challenges that come with identity management. However, the application will still needs to obtain the user’s identity from the identity provider, which is done using a single sign-on protocol.\n \nUnfortunately (or fortunately?), single sign-on protocols are difficult to get right. Flaws in the implementation of single sign-on protocols can have serious consequences. In the worst case, such flaws allow hackers to log into the application as an arbitrary user. And this is not just a theoretical risk, but something I encounter in my work as ethical hacker on a regular basis.\n \nI will start this talk by giving an introduction to some of the protocols that are commonly used to achieve single-sign on. Such protocols include SAML, OAuth 2, and Open ID Connect. Subsequently, I will talk about the state of single-sign on applications as I encounter them as an ethical hacker. I will demonstrate which vulnerabilities I encounter in the real world, and what the consequences of such vulnerabilities could be.\n \nAt the end of this talk, you should have a good overview of how single sign-on protocols work, what types of vulnerabilities typically occur in them, and how to protect against such vulnerabilities.","original_language":"eng","persons":["Matthijs Melissen"],"tags":["mch2022","201","2022","MCH2022 Curated content"],"view_count":1111,"promoted":false,"date":"2022-07-25T21:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-04T20:15:07.023+01:00","length":2724,"duration":2724,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/201-347d07f3-e195-5090-9b27-536b567cb14e.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/201-347d07f3-e195-5090-9b27-536b567cb14e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/201-347d07f3-e195-5090-9b27-536b567cb14e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/201-347d07f3-e195-5090-9b27-536b567cb14e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-201-single-sign-on-a-hacker-s-perspective","url":"https://api.media.ccc.de/public/events/347d07f3-e195-5090-9b27-536b567cb14e","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"1f5a0c00-5358-5f93-991b-98337703cbaa","title":"Non-Euclidean Doom: what happens to a game when pi is not 3.14159…","subtitle":null,"slug":"mch2022-236-non-euclidean-doom-what-happens-to-a-game-when-pi-is-not-3-14159-","link":"https://program.mch2022.org/mch2022/talk/ZM99EG/","description":"We all know that the value of pi is a constant with a particular immutable value. Anyone who has done any graphical programming also knows that visual rendering relies not just on pi but trigonometry more broadly as well as other mathematical techniques. If we look into the source code of the first person shooter Doom we find that the value of pi used in the game is wrong. In this talk I will explore what happens when we subtly and not so subtly break math in the source.\n\nDoom is a well known classic first person shooter game with source code released under the GPL in 1999. In this talk I will begin by exploring what happens to the game when we make the value of pi even more wrong. What about when we change other trigonometric functions and constants to incorrect values? How will our familiar understanding and ability to traverse this virtual world change when we do this. Are there any interesting gaming possibilities with non-Euclidean geometries? A brief segway will cover some optimization tricks made to enable the game to run well on hardware available at the time. At the end I will provide a link to other games and public source code repositories that also use an incorrect value of pi. Pointers will also be provided to allow the audience to compile their own incorrect math version of the game.","original_language":"eng","persons":["Luke Gotszling"],"tags":["mch2022","236","2022","MCH2022 Curated content"],"view_count":103009,"promoted":false,"date":"2022-07-23T22:40:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-04-02T18:15:05.946+02:00","length":1153,"duration":1153,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/236-1f5a0c00-5358-5f93-991b-98337703cbaa.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/236-1f5a0c00-5358-5f93-991b-98337703cbaa_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/236-1f5a0c00-5358-5f93-991b-98337703cbaa.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/236-1f5a0c00-5358-5f93-991b-98337703cbaa.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-236-non-euclidean-doom-what-happens-to-a-game-when-pi-is-not-3-14159-","url":"https://api.media.ccc.de/public/events/1f5a0c00-5358-5f93-991b-98337703cbaa","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"c27c4d3e-00c4-566a-9e7d-624f215deff4","title":"Hope : It is too late to be pessimistic (about climate change)","subtitle":null,"slug":"mch2022-339-hope-it-is-too-late-to-be-pessimistic-about-climate-change-","link":"https://program.mch2022.org/mch2022/talk/KFEEZ7/","description":"We know that we are in trouble as a human society, so what are we going to do about it?\n\n    Showcase projects that do good things\n    What can you do?\n    Tension between system-level problems and the massive powers that be and the scope of individual impact. How do you leverage your privilege?\n    imagining yourself in 2050 narratives.\n\nWe know that we are in trouble as a human society, so what are we going to do about it?\n\n    Showcase projects that do good things\n    What can you do?\n    Tension between system-level problems and the massive powers that be and the scope of individual impact. How do you leverage your privilege?\n    imagining yourself in 2050 narratives.","original_language":"eng","persons":["Smári McCarthy"],"tags":["mch2022","339","2022","Emergent 🌍"],"view_count":147,"promoted":false,"date":"2022-07-25T15:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-01-27T16:00:10.666+01:00","length":5531,"duration":5531,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/339-c27c4d3e-00c4-566a-9e7d-624f215deff4.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/339-c27c4d3e-00c4-566a-9e7d-624f215deff4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/339-c27c4d3e-00c4-566a-9e7d-624f215deff4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/339-c27c4d3e-00c4-566a-9e7d-624f215deff4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-339-hope-it-is-too-late-to-be-pessimistic-about-climate-change-","url":"https://api.media.ccc.de/public/events/c27c4d3e-00c4-566a-9e7d-624f215deff4","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"b435a602-1153-52cb-9689-504f202ec63c","title":"bug hunting for normal people","subtitle":null,"slug":"mch2022-180-bug-hunting-for-normal-people","link":"https://program.mch2022.org/mch2022/talk/HVQDNE/","description":"A series of isolated problems encountered when attempting to fuzz software, in this case Adobe Reader (DC), and hackish solutions to said problems. Constructing a fuzzing pipeline capable of finding real bugs by stringing together freely available tools creating the bare minimum of glue.\n\nStarting from target selection, moving over requirements for a given fuzzing campaign to smart input generation, briefly touching on scaling challenges and performance issues. This presentation describes a practical approach to creating a fuzzing pipeline with the purpose of finding real world bugs in closed source software, in this case Adobe Reader (dc). The approach taken is suitable for anyone with basic scripting capabilities, is easy to replicate, and leads to bug hunting capabilities without a doctoral degree or years of experience in vulnerability discovery.","original_language":"eng","persons":["knud"],"tags":["mch2022","180","2022","MCH2022 Curated content"],"view_count":313,"promoted":false,"date":"2022-07-23T12:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-08-09T16:30:03.134+02:00","length":2920,"duration":2920,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/180-b435a602-1153-52cb-9689-504f202ec63c.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/180-b435a602-1153-52cb-9689-504f202ec63c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/180-b435a602-1153-52cb-9689-504f202ec63c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/180-b435a602-1153-52cb-9689-504f202ec63c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-180-bug-hunting-for-normal-people","url":"https://api.media.ccc.de/public/events/b435a602-1153-52cb-9689-504f202ec63c","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"b40aa68e-fb82-59ab-9057-ca72d97b0e7c","title":"My journey to find vulnerabilities in macOS","subtitle":null,"slug":"mch2022-291-my-journey-to-find-vulnerabilities-in-macos","link":"https://program.mch2022.org/mch2022/talk/973QGG/","description":"My journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities from macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click. I will also explain my methodology to find logic bugs.\n\nMy journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities from macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click.\n\nI will walk you through how I solved the following steps:\n- Fundamentals how I find vulnerabilities\n- Basics about the \"extra\" security protections in macOS\n- How to get payload delivered with one click\n- Code execution with arbitrary mount\n- Gatekeepper evasion\n- TCC protection evasion\n- SIP -protection evasion\n- Timeline\n- How Apple will credit the researches","original_language":"eng","persons":["Turmio / Mikko Kenttälä"],"tags":["mch2022","291","2022","MCH2022 Curated content"],"view_count":269,"promoted":false,"date":"2022-07-24T15:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-26T14:15:05.523+01:00","length":2379,"duration":2379,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/291-b40aa68e-fb82-59ab-9057-ca72d97b0e7c.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/291-b40aa68e-fb82-59ab-9057-ca72d97b0e7c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/291-b40aa68e-fb82-59ab-9057-ca72d97b0e7c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/291-b40aa68e-fb82-59ab-9057-ca72d97b0e7c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-291-my-journey-to-find-vulnerabilities-in-macos","url":"https://api.media.ccc.de/public/events/b40aa68e-fb82-59ab-9057-ca72d97b0e7c","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"3177c7d6-c097-5c07-92ce-7445aeda302e","title":"Badge talk","subtitle":null,"slug":"mch2022-205-badge-talk","link":"https://program.mch2022.org/mch2022/talk/HVGFKB/","description":"A high bar set by earlier creations, a pandemic, a postponed event and chip shortages made for a great challenge and a wild adventure creating the MCH2022 badge. This talk explains how we pulled off our most advanced creation yet. We will tell you about the process of converting a vague idea into a piece of electronics, including the prototyping process and the difficulties we encountered.\n\nBodging badges in a time where the pandemic and the chip shortage makes creating a cool gadget near impossible. This talk explains how we pulled off our most advanced creation yet (or not, depending on how things go...). We will tell you about the process of converting a vague idea into a piece of electronics, including the prototyping process and the difficulties we encountered.","original_language":"eng","persons":["Anne Jan Brouwer","BADGE.TEAM","Reinier van der Leer","Renze Nicolai","RobotMan2412"],"tags":["mch2022","205","2022","MCH2022 Curated content"],"view_count":319,"promoted":false,"date":"2022-07-26T13:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-12-17T16:00:06.893+01:00","length":2655,"duration":2655,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/205-3177c7d6-c097-5c07-92ce-7445aeda302e.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/205-3177c7d6-c097-5c07-92ce-7445aeda302e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/205-3177c7d6-c097-5c07-92ce-7445aeda302e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/205-3177c7d6-c097-5c07-92ce-7445aeda302e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-205-badge-talk","url":"https://api.media.ccc.de/public/events/3177c7d6-c097-5c07-92ce-7445aeda302e","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"974ce89d-6dbf-5474-b93b-4cccfb5692a9","title":"HomeComputerMuseum, the making, the challenges and the importance.","subtitle":null,"slug":"mch2022-140-homecomputermuseum-the-making-the-challenges-and-the-importance-","link":"https://program.mch2022.org/mch2022/talk/XTJRMK/","description":"The HomeComputerMuseum's idea originated in 2016 and opened the doors in 2018. Since then, we faced several challenges but we came out on the other end and became one of the largest museums about computers with an award-winning social impact, an enormous social network, collaborations over the whole world and even are of essential importance to the Dutch government. The talk is about the original concept, how we build it to what it is now.\n\nThe original concept of the HomeComputerMuseum is a hands-on computermuseum dedicated to the home computer or connected computers. Because a museum is a terrible businessplan I decided to create a few services, like repairs, selling overstock and reading old media. For this could not be done by one person, I decided to have people with autism help me by simply not putting a label on them. The businessplan was created and eventually a building was rented. The entire museum is physically built in 7 days (not even kidding) and we were off to a very rough start and even balancing on the edge of bankruptcy. However, we managed to stay afloat and we even moved to a much better and bigger building where we enjoyed for a full month before corona hit the museum. As an unsubsidized museum and without big sponsors we were faced a brand new challenge. But we overcame and grew stronger than ever.... (and then there's plenty of story to tell more).","original_language":"eng","persons":["Bart van den Akker"],"tags":["mch2022","140","2022","MCH2022 Curated content"],"view_count":115,"promoted":false,"date":"2022-07-23T19:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-07-06T22:45:03.568+02:00","length":3087,"duration":3087,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/140-974ce89d-6dbf-5474-b93b-4cccfb5692a9.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/140-974ce89d-6dbf-5474-b93b-4cccfb5692a9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/140-974ce89d-6dbf-5474-b93b-4cccfb5692a9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/140-974ce89d-6dbf-5474-b93b-4cccfb5692a9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-140-homecomputermuseum-the-making-the-challenges-and-the-importance-","url":"https://api.media.ccc.de/public/events/974ce89d-6dbf-5474-b93b-4cccfb5692a9","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"8f31582a-95a9-556e-b753-b0e2686efc1c","title":"What have you done against covid ","subtitle":"(a personal retrospective)","slug":"mch2022-121-what-have-you-done-against-covid-a-personal-retrospective-","link":"https://program.mch2022.org/mch2022/talk/PHSMTF/","description":"From complaining out loud about a televised government app-a-thon to being hired by the Ministry of Health, Welfare and Sport as lead developer RoHS running a team of devs to work on all the covid backend infrastructure exception routes and making sure no person is left in digital limbo in just under an hour.\r\n\r\nWhen late 2019 the first signs from China of the novel Corona virus came I was intrigued,\r\nDuring the first \"lock down\" in the Netherlands our Ministry of Health, Welfare and Sport created an app-a-thon . . and much hilarity ensued. \r\n\r\nAs all geeks had seen . . nice ideas people . . but Apple and Google already have a standard agreed.\r\nAnd a lot of us \"Dutch Hackers\" where pretty vocal about it as usual.\r\n\r\nMeanwhile at \"the ministry\" a civil servant started hiring people from the Dutch hacker scene.\r\n\r\nLate December 2020 it came to their attention that there was some missing or ancient infrastructure in place for vaccine registration, not at all ready for the then upcoming vaccination landrush.\r\n\r\n14th of December I get a call . . can you clean your calendar for the year?\r\n\r\nSure . . just over two weeks, one of them I had planned as holiday anyway to watch CCCongres talks. . \r\n\r\nLittle did I know they meant clear agenda for 2021 .. and 2022 . . not 2020.\r\n\r\nThis story takes you from getting very privacy and security aware infrastructure for registering the first ever Covid vaccination in the Netherlands built and tested in 3 weeks to the current state of the DCC infra up close and personal.","original_language":"eng","persons":["Anne Jan Brouwer","Lord BugBlue"],"tags":["mch2022","121","2022","MCH2022 Curated content"],"view_count":173,"promoted":false,"date":"2022-07-23T15:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-02T00:15:06.175+01:00","length":2805,"duration":2805,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/121-8f31582a-95a9-556e-b753-b0e2686efc1c.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/121-8f31582a-95a9-556e-b753-b0e2686efc1c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/121-8f31582a-95a9-556e-b753-b0e2686efc1c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/121-8f31582a-95a9-556e-b753-b0e2686efc1c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-121-what-have-you-done-against-covid-a-personal-retrospective-","url":"https://api.media.ccc.de/public/events/8f31582a-95a9-556e-b753-b0e2686efc1c","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"34b79d4c-b647-591d-8560-2255a9dc5400","title":"Sensor.Community - Global Open Environmental Data Platform","subtitle":null,"slug":"mch2022-213-sensor-community-global-open-environmental-data-platform","link":"https://program.mch2022.org/mch2022/talk/GNVPXC/","description":"Sensor.Community - Global platform for Open Environmental Data\n\nWe invite you to become part of Sensor.Community. The worldwide largest Air Quality sensor network run by contributors generating Open Data. Build a sensor, collect Open Data, share it in a continuous stream with the global network and join forces in local Sensor.Community groups.\n\nSensor.Community is the global platform for environmental open data.\n\nWe provide the software and assembly guide for the DIY sensor kits for citizen empowerment.\n\nMission Statement:\nSensor.Community is a contributors driven global sensor network that creates Open Environmental Data.\n\nOur mission is to inspire and enrich people’s lives by offering a platform for the collective curiosity in nature that is genuine, joyful and positive.\n\nSensor.Community started 2015 in Stuttgart / South Germany as a local project. The goal then was the deployment of 300 low cost Air-Quality sensors in Stuttgart. These devices should be easy to build for everyone. Until now the platform has grown to more than 14.000 sensors in over 70 countries (January 2022).\n\nThese sensors are measuring environmental data as Air-Quality, temperature, pressure and relative humidity. You can see the live values on the live map at Maps.Sensor.Community. Everything ever measured is available as Open Environmental Data. You can download all historical Open Data.\n\nTo participate you can join a local group which you can discover on the community layer of the map where live values are displayed. -\u003e https://maps.sensor.community/#2/0.0/0.0\n\nWe invite you to become part of the community. Build a sensor, generate Open Data, share it in a continuous stream with the network and join forces in local Sensor.Community groups to analyse it. Find like-minded people which care about the environment and the implications on our health. Stay informed and exchange with your neighbours.\n\nOnce the sensor tube is connected to the network its measured values are available live on the map at Sensor.Community. These values are refreshed every 2 ½ minutes and enable all citizens to see how the situation is around them.\n\nThe available historical Open Data of all ever measured values enable other projects to serve citizens with other specific services and functionality.\n\nSensor.Community is here to serve citizens on a global layer with environmental Open Data. Our focus is to add further sensor methods, collaborate with institutions as RIVM.nl on data standards and better integrations in their daily work. One great example here is the integration of the Open Data from Sensor.Community into the Data-portal of the National Institute for Public Health and the Environment in the Netherlands at RIVM.nl","original_language":"eng","persons":["Lukas Mocek"],"tags":["mch2022","213","2022","MCH2022 Curated content"],"view_count":427,"promoted":false,"date":"2022-07-26T11:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-02-22T00:00:05.580+01:00","length":2921,"duration":2921,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/213-34b79d4c-b647-591d-8560-2255a9dc5400.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/213-34b79d4c-b647-591d-8560-2255a9dc5400_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/213-34b79d4c-b647-591d-8560-2255a9dc5400.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/213-34b79d4c-b647-591d-8560-2255a9dc5400.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-213-sensor-community-global-open-environmental-data-platform","url":"https://api.media.ccc.de/public/events/34b79d4c-b647-591d-8560-2255a9dc5400","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"3b9a5e74-76c7-5472-8797-8786081b4a47","title":"A CISO approach to pentesting; why so many reports are never used","subtitle":null,"slug":"mch2022-217-a-ciso-approach-to-pentesting-why-so-many-reports-are-never-used","link":"https://program.mch2022.org/mch2022/talk/QXRYJH/","description":"Pentesting can provide vital information to organisations about their security. However, many reports end up never being used or not being used to their full potential. That is partly due to the pentesters and their writing skills. But in large part is also to be attributed to CISO's lack of guidance and involvement. \n\nI am not a spokesperson for all CISOs, but I do have quite a bit of experience in the pentesting field as a CISO. As such; I would like to share my thoughts about how a CISO can lead the pentesting process as effectively as possible, as well as what I as a CISO like to see in my pentesting reports.\n\nI will also highlight why some reports don't get used and why I think we struggle with this as much as we sometimes do.\n\nI think this information is usefull for pentesters and CISO's alike, because it shows both sides how the other one works and thinks.\n\nMany pentesting reports are never followed up on, which is a shame, because a lot of hard work goes into them a lot of the time.\n\nIn this talk I will try to explain why this happens and will try to clarify how we can make some changes to the practice, reporting and follow up to make pentests more effective.\n\nI will also talk about some of the things that have gone wrong during pentests I've been involved in. Scoping is important y'all!\n\nIf you're interested in what managers generally think certain jargon means (what's a checksum?), come check out the talk and you'll find out ;).\n\np.s. I can't find where to edit my personal profile, but I'm currently no longer CISO for DIVD. Since the beginning of this year I've joined the Board instead.","original_language":"eng","persons":["Fleur van Leusden"],"tags":["mch2022","217","2022","MCH2022 Curated content"],"view_count":413,"promoted":false,"date":"2022-07-25T18:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-02-26T13:15:06.477+01:00","length":2946,"duration":2946,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/217-3b9a5e74-76c7-5472-8797-8786081b4a47.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/217-3b9a5e74-76c7-5472-8797-8786081b4a47_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/217-3b9a5e74-76c7-5472-8797-8786081b4a47.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/217-3b9a5e74-76c7-5472-8797-8786081b4a47.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-217-a-ciso-approach-to-pentesting-why-so-many-reports-are-never-used","url":"https://api.media.ccc.de/public/events/3b9a5e74-76c7-5472-8797-8786081b4a47","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"b48d88e5-aa0e-5be2-a56a-06263515803b","title":"Plotting the Pandemic... ","subtitle":"or Any Other Catastrophe-Movie","slug":"mch2022-190-plotting-the-pandemic-or-any-other-catastrophe-movie","link":"https://program.mch2022.org/mch2022/talk/CPT3CD/","description":"Only three years ago you wouldn't have had a chance to get this so-called reality past any decent editor. Now, plotting a book or movie has become increasingly hard and the next years in publishing will be interesting, since our standards in what is scary or believable or how dumb can one be to do XY as a book character, to get into whatever problems, have tremendously changed.\r\n\r\nI'm an author, writing crime novels and scifi and during the last three years, some collegues and I have often said the phrase \"if this was a book, you wouldn't get that past an editor\". But it seems, our standards on what is real, believable or doable have changed somewhat over the pandemic. This does not only afflict society itself (fake news, mobs, conspiracy myths etc.), but also (pop) culture and the its creators like authors of books or movie scripts. I have no forecast, on where we might end up or if movies and books will return to story worlds of our old believes, but I can share musings about society, tech and humanity's deepest desire in stories and authors who have to face a different kind of basic understanding of the world to start from when writing stories.","original_language":"eng","persons":["Klaudia"],"tags":["mch2022","190","2022","MCH2022 Curated content"],"view_count":79,"promoted":false,"date":"2022-07-25T15:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-07-03T00:30:04.758+02:00","length":3058,"duration":3058,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/190-b48d88e5-aa0e-5be2-a56a-06263515803b.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/190-b48d88e5-aa0e-5be2-a56a-06263515803b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/190-b48d88e5-aa0e-5be2-a56a-06263515803b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/190-b48d88e5-aa0e-5be2-a56a-06263515803b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-190-plotting-the-pandemic-or-any-other-catastrophe-movie","url":"https://api.media.ccc.de/public/events/b48d88e5-aa0e-5be2-a56a-06263515803b","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"fc7bb54c-55ff-5110-9f8a-2e8d52908820","title":"Payment terminals as general purpose (game-)computers","subtitle":null,"slug":"mch2022-224-payment-terminals-as-general-purpose-game-computers","link":"https://program.mch2022.org/mch2022/talk/PBTBJG/","description":"What is inside a Verifone VX820 payment terminal and how can we run our own code (i.e. Doom) on it?\n\nThis is a story of a software guy messing around with an interesting embedded device. It includes some reverse engineering, *interesting* security practices, proprietary executable formats, and a game of bootloader hopscotch.\n\nStarting with an overview of the Verifone VX820 payment terminal's hardware and software, we will follow my curious exploration with the final goal of arbitrary code execution. We will see how such seemingly single-purpose devices actually allow for general purpose computing under the hood, and even contain all the peripherals needed for a fun (retro-)gaming experience. \n\nI will show the struggles and practicalities of turning a (previously found and published) bootloader vulnerability into a practical exploit. This includes some reverse-engineering of bootloaders, kernel code, communication protocols and file headers.\n\nFollowing this I will cover the \"engineering\" part: how to construct a minimum viable \"toolchain\" to be able to port a codebase like Doom.\n\nThere will be demos of the exploit and some programs that have been ported :)","original_language":"eng","persons":["Thomas Rinsma"],"tags":["mch2022","224","2022","MCH2022 Curated content"],"view_count":873,"promoted":false,"date":"2022-07-25T23:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-04-02T19:30:05.281+02:00","length":2561,"duration":2561,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/224-fc7bb54c-55ff-5110-9f8a-2e8d52908820.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/224-fc7bb54c-55ff-5110-9f8a-2e8d52908820_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/224-fc7bb54c-55ff-5110-9f8a-2e8d52908820.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/224-fc7bb54c-55ff-5110-9f8a-2e8d52908820.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-224-payment-terminals-as-general-purpose-game-computers","url":"https://api.media.ccc.de/public/events/fc7bb54c-55ff-5110-9f8a-2e8d52908820","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"3636bde7-72e0-5cbf-968a-4a4ea75437ed","title":"Lightning Talks Monday","subtitle":null,"slug":"mch2022-318-lightning-talks-monday","link":"https://program.mch2022.org/mch2022/talk/LGUFFZ/","description":"Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks\n\nLightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks","original_language":"eng","persons":[],"tags":["mch2022","318","2022","MCH2022 Curated content"],"view_count":143,"promoted":false,"date":"2022-07-25T16:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-11-05T12:00:05.722+01:00","length":3731,"duration":3731,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/318-3636bde7-72e0-5cbf-968a-4a4ea75437ed.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/318-3636bde7-72e0-5cbf-968a-4a4ea75437ed_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/318-3636bde7-72e0-5cbf-968a-4a4ea75437ed.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/318-3636bde7-72e0-5cbf-968a-4a4ea75437ed.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-318-lightning-talks-monday","url":"https://api.media.ccc.de/public/events/3636bde7-72e0-5cbf-968a-4a4ea75437ed","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"c8f26b30-8f7b-5a4d-9294-1bdee1d9568a","title":"TASBot OoT ACE: ","subtitle":"How to get the Triforce on an N64 via controller input","slug":"mch2022-277-tasbot-oot-ace-how-to-get-the-triforce-on-an-n64-via-controller-input","link":"https://program.mch2022.org/mch2022/talk/CNYE7A/","description":"TASBot has appeared at multiple charity events raising more than $1.3M to date by hacking classic video game consoles through controller ports. In this talk, dwangoAC will show how TASBot, with help from a human speedrunner, can use a Stale Reference Manipulation exploit in the N64 game Legend of Zelda: Ocarina of Time to achieve persistent Arbitrary Code Execution to obtain the Triforce and many other surprising outcomes that have to be seen to be believed.\r\n\r\nThe TASBot community, led by dwangoAC, has exploited glitches in a variety of creative ways leading to Twitch chat streamed through a Super Game Boy, Super Mario Bros. being played inside Super Mario World, and many more. Most of these exploits were on older NES and SNES consoles, but what could be done if Arbitrary Code Execution could be achieved on an N64? This talk aims to show the beautiful results that can ensue after taking complete control of Legend of Zelda: Ocarina of Time, including obtaining the Triforce itself! The talk will cover controller protocol evil maid attacks, Stale Reference Manipulation (Use After Free) exploitation, a four stage bootstrap chain to attain high speed data transfer, and more with audiovisual elements that are sure to be a surprise.","original_language":"eng","persons":["dwangoAC"],"tags":["mch2022","277","2022","MCH2022 Curated content"],"view_count":215,"promoted":false,"date":"2022-07-25T15:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-31T17:45:06.797+02:00","length":2908,"duration":2908,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/277-c8f26b30-8f7b-5a4d-9294-1bdee1d9568a.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/277-c8f26b30-8f7b-5a4d-9294-1bdee1d9568a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/277-c8f26b30-8f7b-5a4d-9294-1bdee1d9568a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/277-c8f26b30-8f7b-5a4d-9294-1bdee1d9568a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-277-tasbot-oot-ace-how-to-get-the-triforce-on-an-n64-via-controller-input","url":"https://api.media.ccc.de/public/events/c8f26b30-8f7b-5a4d-9294-1bdee1d9568a","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"a329ebf6-ea2c-5262-bfe9-420065a39dab","title":"Heuristic Park (why we can fake it until we make it)","subtitle":null,"slug":"mch2022-11-heuristic-park-why-we-can-fake-it-until-we-make-it-","link":"https://program.mch2022.org/mch2022/talk/VLVBVG/","description":"Why do we believe in fake news? What are news siloes? Why can't we seemingly find a solution to discussions like blackface or the corona-deniers How to break your bubble. This lecture discusses the psychological reasons as seen from the perspective of a social engineer.\n\nWhy do we believe in fake news? What are news siloes? How to break your bubble.\n-                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    \n                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    \n                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    \n                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    \n                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    \n                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    \n                                                                                                                                                                                                                                                                                                    -","original_language":"eng","persons":["ijskimo"],"tags":["mch2022","11","2022","MCH2022 Curated content"],"view_count":132,"promoted":false,"date":"2022-07-24T11:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-02-22T14:45:09.569+01:00","length":2907,"duration":2907,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/11-a329ebf6-ea2c-5262-bfe9-420065a39dab.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/11-a329ebf6-ea2c-5262-bfe9-420065a39dab_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/11-a329ebf6-ea2c-5262-bfe9-420065a39dab.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/11-a329ebf6-ea2c-5262-bfe9-420065a39dab.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-11-heuristic-park-why-we-can-fake-it-until-we-make-it-","url":"https://api.media.ccc.de/public/events/a329ebf6-ea2c-5262-bfe9-420065a39dab","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"1512ebe2-ca9a-5f5d-b7be-f8c5a8f05367","title":"RE-VoLTE: Should we stop the shutdown of 2G/3G to save lives??","subtitle":null,"slug":"mch2022-355-re-volte-should-we-stop-the-shutdown-of-2g-3g-to-save-lives-","link":"https://program.mch2022.org/mch2022/talk/7TVHSD/","description":"A lack of VoLTE standardisation breaks voice calling globally. Your brand new smartphone may not work because VoLTE is screwed up by manufacturers and carriers.\nVoice-over-LTE (4G), voice-over-NR (5G) and voice-over-WiFi have been standardized for years, but now that more and more 2G and 3G networks are shut down by operators, users discover their phones don't work anymore with basic voice calling. The cause is a massive mess in standardization, with a boatload of options and settings and vendors and carriers interpreting it differently, masked by fall-back to 2G and 3G and lack of \"international roaming\" agreements for VoLTE. \nHandset manufacturers decided to implement shortcuts (neglecting parts of the standards) or even worse, implementing white-lists with only mayor operators included, so you cannot switch operators anymore and are up for a big surprise while roaming in another country.\nThe result: Even your brand new phone might be unable to provide voice calling in one country but work in another. Voice-calling might work if you're lucky, but you cannot reach 112/911, the eCALL system in your car fails after 2G/3G shutdown or you cannot receive an SMS you need for remote Two-Factor-Authentication while roaming in another country. \nIt's such a disastrous mess, so should we stop the 2G/3G shutdown and get-it-fixed?\n\nThis is a tale of a disaster still looming in most of Europe for Europeans, as 2G/3G still works as the fall-back mode of your device. As a result nobody noticed that VoLTE was screwed up.\nHowever many non-Americans roaming with their phones into the USA suddenly learn their brand new phone isn't working for voice-calls, as AT\u0026T has shut down 2G/3G on July 1st 2022. \nProblems already did happen to users roaming into countries like India.\nUsers who buy seemingly the same recent model of a supplier like Samsung or Apple, and think they are safe, might be up for a big suprise too. Months of testing needed per device was considered way too cumbersome and too expensive by many, so at best it was halfway done. \nManufacturers decided to cope with it by curtailing the myriad of options and settings, included mobile-network-code white-lists or implement short-cuts (neglecting parts of the standards). \nWith white-lists you suddenly are tied to an operator and changing your subscription from a major Mobile Network Operator to an MVNO, makes voice-calling on your brand new smartphone defunct, only allowing data communications working.\nThe \"advice\" to complainers is just to use voice-apps, but these don't allow Emergency calls.\neCALL devices built into cars that dial emergency numbers may work in your home country, but fail when driving in another land on your holiday.\nRoaming agreements between international carriers have up to now been made only between major operators in large countries, There are merely 50 international VoLTE roaming agreements actually working. If you are from a \"small country\" like Sweden, you're out of luck in the USA.\nVoice-over-LTE (4G), voice-over-NR (5G) and voice-over-WiFi have been screwed up by an unholy alliance of handset manufacturers, carriers, the GSM-Association and IMS-core vendors and standardization bodies, who couldn't decide to settle VoLTE down to a limited set of options and prescribe large scale compulsory plugfests and compatibility tests.\nRegulators have looked away, expecting the \"magic of the market would resolve all issues\".\nSome vendors have engaged in favoritism with white-listing or don't deal with MVNOs and MVNEs, as they don't order millions of devices.\nThis talk explains the cause of the mess and highlights the problems lurking in your brand new device.\nIt provides real problems, with devices and disfunctional VoLTE, collected in 2021/2022.\nWe should ask the question whether the announced shutdowns of 2G/3G in most of Europe have to be stopped. Must device manufacturers and carriers be forced to clean-up their act now, and halt their anti-competitive practices and favoritism, before people die as they cannot reach 112/911 during an Emergency?","original_language":"eng","persons":["Hendrik Rood"],"tags":["mch2022","355","2022","MCH2022 Curated content"],"view_count":257,"promoted":false,"date":"2022-07-23T19:20:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-11T23:30:09.569+01:00","length":1763,"duration":1763,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/355-1512ebe2-ca9a-5f5d-b7be-f8c5a8f05367.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/355-1512ebe2-ca9a-5f5d-b7be-f8c5a8f05367_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/355-1512ebe2-ca9a-5f5d-b7be-f8c5a8f05367.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/355-1512ebe2-ca9a-5f5d-b7be-f8c5a8f05367.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-355-re-volte-should-we-stop-the-shutdown-of-2g-3g-to-save-lives-","url":"https://api.media.ccc.de/public/events/1512ebe2-ca9a-5f5d-b7be-f8c5a8f05367","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"94243e09-0962-51d9-8086-1d67f2a12cca","title":"Wired Norms: Inscription, resistance, and subversion in the governance of the Internet infrastructure","subtitle":null,"slug":"mch2022-18-wired-norms-inscription-resistance-and-subversion-in-the-governance-of-the-internet-infrastructure","link":"https://program.mch2022.org/mch2022/talk/GUVANG/","description":"Warning (but don't be afraid): this talk contains an overarching theory of the workings of Internet governance (with an emphasis on human rights)! \n\nThe rules of the road for the Internet infrastructure are designed in different governance bodies, such as the Internet Engineering Taskforce (IETF), the Internet Corporation for Assigned Names and Numbers (ICANN), and in Regional Internet Registries (RIRs). \n\nI will showcase how Internet governance institutions are tied together through 'the infrastructural norm of interconnection'. This concept helps explain how Internet governance works and why many social and legal norms, such as human rights and data protection, get resisted and subverted in the governance of the Internet infrastructure.\n\nThis talk is the outcome of 6 years participation in and research of Internet governance institutions and processes, and is suitable for both issue matter experts and people who never heard of Internet governance before.\n\nThe entanglement of the Internet with the daily practices of governments, companies, institutions, and individuals means that the processes that shape the Internet also shape society. For this talk, I studied the norms that shape the Internet’s underlying structure through its transnational governance. Norms are the ‘widely-accepted and internalised [sic] principles or codes of conduct that indicate what is deemed to be permitted, prohibited, or required of agents within a specific community’ (Erskine and Carr 2016, 87). Internet governance is the development, coordination, and implementation of policies, technologies, protocols, and standards. Internet governance produces a global and interoperable Internet functioning as a general-purpose communication network in transnational governance bodies. I examine four cases of norm conflict and evolution in three key Internet governance institutions: the Internet Engineering Taskforce (IETF); the Internet Corporation for Assigned Names and Numbers (ICANN); and the Réseaux IP Européens Network (RIPE). \n\nI show how social and legal norms evolve and are introduced, subverted, and resisted by participants in Internet governance processes with distinct and dynamic values and interests, in order to develop policies, technologies, and standards to produce an interconnected Internet. I leverage notions and insights from science and technology studies and international relations to illuminate how a sociotechnical imaginary—the combination of visions, symbols, and futures that exist in groups and society—architectural principles, and an entrenched norm function as instruments of metagovernance in the Internet infrastructure. This way, I demonstrate how a sociotechnical imaginary, values, and norms facilitate, instruct, and evaluate the norm setting processes in Internet governance. \n\nThis talk is empirically grounded in the analysis of mailing lists; technical documents; policy documents; interviews and the extensive observation of governance meetings. I have operationalized this analysis using the following methods: quantitative descriptive analysis; network analysis; quantitative and qualitative discourse analysis, as well as in participant observation, including semi-structured interviews and ethnographic probes.  \n\nThe aim of this talk is to show how Internet governance happening in multistakeholder bodies, what I call private Internet governance, solely functions to increase interconnection between independent networks. In this process, the introduction of social and legal norms—such as human rights principles and data protection regulations that might hamper increased interconnection—is resisted by significantly represented stakeholders in the process. Ultimately, I argue that while the sociotechnical imaginary and architectural principles serve to legitimize this governance ordering, the entrenched norm, what I call the infrastructural norm that transcends singular institutions, guides the distributed private governance regime. \n\nThe infrastructural norm of voluntary interconnection plays an instructing and evaluating role in the process of norm development and evolution in private Internet governance. The infrastructural norm is embedded in its institutional configuration, technological materiality, economical incentives, and supranational interest, and ties the private Internet governance regime together. In conclusion, I posit that the private Internet governance regime is designed and optimized for the narrow and limited role of increasing interconnection. As a result, the governance regime resists aligning Internet infrastructure with social or legal norms that might limit or hamper increasing interconnection.","original_language":"eng","persons":["Niels ten Oever"],"tags":["mch2022","18","2022","MCH2022 Curated content"],"view_count":213,"promoted":false,"date":"2022-07-22T22:40:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2025-08-26T19:30:04.423+02:00","length":2734,"duration":2734,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/18-94243e09-0962-51d9-8086-1d67f2a12cca.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/18-94243e09-0962-51d9-8086-1d67f2a12cca_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/18-94243e09-0962-51d9-8086-1d67f2a12cca.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/18-94243e09-0962-51d9-8086-1d67f2a12cca.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-18-wired-norms-inscription-resistance-and-subversion-in-the-governance-of-the-internet-infrastructure","url":"https://api.media.ccc.de/public/events/94243e09-0962-51d9-8086-1d67f2a12cca","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"8a1fc764-6901-537d-8531-e23b4088c608","title":"Electronic Locks: Bumping and Other Mischief","subtitle":null,"slug":"mch2022-264-electronic-locks-bumping-and-other-mischief","link":"https://program.mch2022.org/mch2022/talk/KBVXRU/","description":"Modern electronic locks are often optimized for cost, not security. Or their manufacturers don’t do security research. Or they ignore it. \nFor whatever reason, many current electronic lock systems are susceptible to surprisingly simple attacks. We’ll look at some of them, and at the underlying basics, so that you can do your own research.\n\nIn this talk, we look at a number of modern electronic locks and their security flaws. Surprisingly many current systems are susceptible to very simple attacks, like the equivalent of using bump keys. Of course, there are electronic and/or SW-based attacks, too.\nWe’ll look at some of them, and at the underlying basics, so that you can do your own research. \nSome of the problems have been fixed by manufacturers, but typically only for future production runs, so you will get some practical advice on how to test your own hardware for these critical flaws.","original_language":"eng","persons":["Michael Huebler (mh)"],"tags":["mch2022","264","2022","MCH2022 Curated content"],"view_count":1136,"promoted":false,"date":"2022-07-23T18:40:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-02-28T18:45:04.374+01:00","length":1777,"duration":1777,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/264-8a1fc764-6901-537d-8531-e23b4088c608.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/264-8a1fc764-6901-537d-8531-e23b4088c608_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/264-8a1fc764-6901-537d-8531-e23b4088c608.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/264-8a1fc764-6901-537d-8531-e23b4088c608.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-264-electronic-locks-bumping-and-other-mischief","url":"https://api.media.ccc.de/public/events/8a1fc764-6901-537d-8531-e23b4088c608","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"b5a70115-5884-5a2e-9da9-43102b2f3e32","title":"hack your brain","subtitle":null,"slug":"mch2022-52-hack-your-brain","link":"https://program.mch2022.org/mch2022/talk/ZZVHAL/","description":"Food affects your body, food affects your mind. This talk describes how the performance of my brain has decreased over time and has returned by changing my diet. Basic food is not enough for your brain to deliver exceptional performance. Come with us and open your mind.\n\nLet your remedies be your food and your food be your remedies. Just think about it, I'm eating all day and losing weight. To be wide awake and in your right mind without \"Club Mate\" or coffee. Great recipes with three ingredients in a blender in seconds. Step by step with food to healing. \n\nCan you imagine a tasty gourmet cleansing cure? Results are better appearance, feel reborn, more powerful, mentally more stable, stress-resistant. Hack your food.                         \n \nA report of personal experience and feelings.","original_language":"eng","persons":["va13","anke"],"tags":["mch2022","52","2022","MCH2022 Curated content"],"view_count":368,"promoted":false,"date":"2022-07-26T10:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-03-24T15:45:07.697+01:00","length":2581,"duration":2581,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/52-b5a70115-5884-5a2e-9da9-43102b2f3e32.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/52-b5a70115-5884-5a2e-9da9-43102b2f3e32_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/52-b5a70115-5884-5a2e-9da9-43102b2f3e32.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/52-b5a70115-5884-5a2e-9da9-43102b2f3e32.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-52-hack-your-brain","url":"https://api.media.ccc.de/public/events/b5a70115-5884-5a2e-9da9-43102b2f3e32","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"2b2d59bc-5dc5-5529-8019-179f4bd8349d","title":"Democracy: Eventually Digitally Transparent?","subtitle":null,"slug":"mch2022-203-democracy-eventually-digitally-transparent-","link":"https://program.mch2022.org/mch2022/talk/LFVBN3/","description":"Governments should be radically more transparent. While calls for more open data and initiatives like the Open Government Partnership have existed for more than a decade, there is still much to be desired. Where do we stand? And, fun to imagine, where could and should we go?\n\nIt is hard to have a perfect overview of the status of open government across the world. We at [Open State Foundation](https://openstate.eu/) focus mostly on accelerating digital transparency in the Netherlands. We will explain things like:\n\n- Why is the **Handelsregister** (company register) still only fully accessible for those with a lot of money? \n- Why are **Wob-verzoeken** (Freedom of Information requests) on average not answered within the legal deadline?\n- How transparent are the **external meetings of ministers** and who do they talk to?\n\nOn the other hand we show why the Netherlands is a great place if you want to know how your municipalities spend their money or want to access national statistics.\n\nStill there is much to learn from other countries:\n- **How does Norway manage their information so well** that they respond to Freedom of Information requests much faster?\n- What country has **a minister that deals in the most open way with lobbyists**? \n- Can governments produce **modern open source software**? \nThese examples can show us a future of a digitally transparent democracy.\n\nWe end the talk by opening up the floor to the audience and love to hear about positive examples of transparent forms of governments around the world.","original_language":"eng","persons":["Sicco van Sas"],"tags":["mch2022","203","2022","MCH2022 Curated content"],"view_count":167,"promoted":false,"date":"2022-07-24T22:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-01-22T16:45:12.034+01:00","length":2749,"duration":2749,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/203-2b2d59bc-5dc5-5529-8019-179f4bd8349d.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/203-2b2d59bc-5dc5-5529-8019-179f4bd8349d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/203-2b2d59bc-5dc5-5529-8019-179f4bd8349d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/203-2b2d59bc-5dc5-5529-8019-179f4bd8349d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-203-democracy-eventually-digitally-transparent-","url":"https://api.media.ccc.de/public/events/2b2d59bc-5dc5-5529-8019-179f4bd8349d","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"76a5de4e-6952-5566-b163-2839687f8ee6","title":"Knock knock, who’s there?","subtitle":"Is your door locked? Are you sure?","slug":"mch2022-177-knock-knock-who-s-there-is-your-door-locked-are-you-sure-","link":"https://program.mch2022.org/mch2022/talk/NV9RBY/","description":"One of the most used video entry systems is analysed for this talk. Severe security implications that range from passive, information gathering, attacks to active attacks where unauthorised access to buildings can be gained.\r\nDuring the talk the technical details of the bus system will be discussed and multiple attackvectors will be demonstrated. At the end of the talk the disclosure procedure to high value targets and the manufacturer are also discussed.\r\n\r\nFeeling safe at home and at work is one of the most basic requirements for living. Part of being, and feeling, safe is the physical access system of the building.\r\nFor this talk the video intercom system designed and manufactured by one of the most used brands in building access control and video entry technology is… evaluated.\r\nIn order to paint a picture of the magnitude of the security implications it is good to mention that this system is not just used in apartment buildings but also in government offices such as the probation office in The Netherlands.\r\n\r\nThe talk will discuss the technical aspects of the bus system and how and why this has major security implications. Not only passive attacks will be shown but also more active attacks that can compromise physical security in the buildings where the system is used.\r\n\r\nThe talk will also include how disclosure to some potential targets was done. The reaction from the manufacturer will also be discussed in the talk.","original_language":"eng","persons":["Jeroen"],"tags":["mch2022","177","2022","MCH2022 Curated content"],"view_count":206,"promoted":false,"date":"2022-07-25T22:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-02-17T11:15:10.389+01:00","length":1356,"duration":1356,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/177-76a5de4e-6952-5566-b163-2839687f8ee6.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/177-76a5de4e-6952-5566-b163-2839687f8ee6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/177-76a5de4e-6952-5566-b163-2839687f8ee6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/177-76a5de4e-6952-5566-b163-2839687f8ee6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-177-knock-knock-who-s-there-is-your-door-locked-are-you-sure-","url":"https://api.media.ccc.de/public/events/76a5de4e-6952-5566-b163-2839687f8ee6","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"e3034646-8dc8-589b-bd15-e0162f7a02c4","title":"Free children from the digital stranglehold","subtitle":null,"slug":"mch2022-314-free-children-from-the-digital-stranglehold","link":"https://program.mch2022.org/mch2022/talk/AZVEA8/","description":"The current digital educational system is dominated by tech giants. Fundamental rights, like the privacy, freedom and sovereignty of children, parents and educators are insufficiently secured. Ed-tech is mainly closed source and full of vendor lockins. Products are either overpriced, harvesting data, or both. The time to replace surveillance capitalist based Ed-tech by ethical open source alternatives is now. And our coalition for fair digital education is going to do it.\n\nPrivate companies do not have the same interests as public institutions like schools. Schools do not have the time, knowledge or budget to hack their own IT environment together. Hence, BigTech and Ed-Tech fix this problem for schools, by offering services that have a very low price tag in euro's, but the actual payment is in data: meta data, \"service\"-data and user-data. DPIA you say? *(Detailed Privacy Impact Analysis)* That will achieve sort-of-legally compliant services at max. If only the authorities would actually bite, but alas, enforcement is lax, and four years of GDPR and the IT environment in schools is still riddled with privacy risks. Essential online services are out-of-scope of the DPIA's and purposes like \"product improvement\" (read: feeding AI and machine learning algorithms) is GDPR-Okay. If you or your kid goes to a 'Google school' and is forced to use a Chromebook, you'll be producing data to train Google, and you will be trained to love Google services. Consequently children won't develop core digital skills or a critical attitude toward digital services.\n\nThus, there is a huge gap between core values of big tech companies versus public values in the educational system. Therefore, enforcement to make Big Tech embrace those public values will never be effective. ​​​​​​​That is why we need to build a school IT environment based upon public values: transparent, open source, privacy-by-design, decentralized, fair and respecting our digital sovereignty. Our coalition for fair digital education is going to build this. This is a huge project and a lot of work, so join us.","original_language":"eng","persons":["Geert-Jan"],"tags":["mch2022","314","2022","MCH2022 Curated content"],"view_count":184,"promoted":false,"date":"2022-07-23T20:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-04-02T14:30:11.561+02:00","length":2996,"duration":2996,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/314-e3034646-8dc8-589b-bd15-e0162f7a02c4.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/314-e3034646-8dc8-589b-bd15-e0162f7a02c4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/314-e3034646-8dc8-589b-bd15-e0162f7a02c4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/314-e3034646-8dc8-589b-bd15-e0162f7a02c4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-314-free-children-from-the-digital-stranglehold","url":"https://api.media.ccc.de/public/events/e3034646-8dc8-589b-bd15-e0162f7a02c4","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"bbe959a8-ec57-55fa-9eca-6f82c109c58c","title":"How to sneak past the Blue Team of your nightmares","subtitle":null,"slug":"mch2022-200-how-to-sneak-past-the-blue-team-of-your-nightmares","link":"https://program.mch2022.org/mch2022/talk/HKJCGA/","description":"If the perfect Blue Team exists, does that mean the Red Team doesn’t stand a chance against it or is there still a way to sneak their phish in the mailbox of their target? Well in this talk we investigate how a Red Team could sneak past even the best Blue Team imaginable. \nWe analyse how a perfect Blue Team would detect malicious domains targeting their organization, how they would correlate these to other threat infrastructure to burn the whole campaign and how they would block a successful initial foothold in case they did not detect the phish campaign before its launch. \nBy assuming the perfect adversary, we discuss techniques and important OPSEC measures Red Teams need to use to get a successful and undetected initial foothold in their targeted organization. \nThrough practical demos and real-life examples, attendees will learn invaluable techniques and OPSEC measures to improve their Blue or Red Team tradecraft.\n\nIf the perfect Blue Team exists, does that mean the Red Team doesn’t stand a chance against it or is there still a way to sneak their phish in the mailbox of their target? Well in this talk we will investigate how a Red Team could sneak past the best Blue Team imaginable. By analyzing techniques the perfect Blue Team would use, we define OPSEC measures and techniques to remain undetected and accomplish a successful initial foothold.\n\nHow would a perfect Blue Team detect malicious domains targeting their organization? \no\tBLUE: By dissecting patterns of adversaries and resulting OPSEC mistakes, we specify how domain and Certificate Transparency Log monitoring can unveil domains impersonating your organization. \no\tRED: We explain measures the Red Team can take to avoid being caught through domain and CTL monitoring by using wildcard SSL certificates and avoiding typosquatting.\n\nHow would a perfect Blue Team correlate detected malicious domains to related threat infrastructure? \no\tBLUE: Once a suspicious domain is identified, we can correlate this to other threat infrastructure using NetLoc intelligence techniques. Through correlation, Blue Teams can leverage OPSEC mistakes to uncover and potentially burn the whole campaign. \no\tRED: We explain measures the Red Team can take to avoid the correlation between their threat infrastructure and avoid the detection of one domain leading to the whole threat infra being burned. \n\nHow would the perfect Blue Team attempt to block undetected phishing campaigns during their launch. \no\tBLUE: We analyze how the use of reputational scoring based on IP, Domain and Mail server, can block many phishing campaigns during the launch itself.\no\tRED: We explain how Red Teams can age and categorize their domains to pass IP/Domain/Mail based reputation detections. \n\nWhat if a phishing mail sneaks by the Blue Team and lands in the inbox of one of their employees, has Red Team won? Not yet:\no\tBLUE: The perfect Blue Team has hardened employee endpoints to make a successful exploitation after a click almost impossible. We discuss several defensive techniques on how to block successful initial foothold through Macro execution hardening, Applocker, Exploit Guard and endpoint security solutions. \no\tRED: Assuming a fully hardened system, we discuss strategies that could bypass all off these hardening measures and have been proven to be successful in past engagements\n\nWe conclude with a summary of techniques both Blue and Red Teamers can use to perfect their tradecraft.","original_language":"eng","persons":["Wout Debaenst"],"tags":["mch2022","200","2022","MCH2022 Curated content"],"view_count":557,"promoted":false,"date":"2022-07-25T11:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-01-30T09:15:08.697+01:00","length":2725,"duration":2725,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/200-bbe959a8-ec57-55fa-9eca-6f82c109c58c.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/200-bbe959a8-ec57-55fa-9eca-6f82c109c58c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/200-bbe959a8-ec57-55fa-9eca-6f82c109c58c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/200-bbe959a8-ec57-55fa-9eca-6f82c109c58c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-200-how-to-sneak-past-the-blue-team-of-your-nightmares","url":"https://api.media.ccc.de/public/events/bbe959a8-ec57-55fa-9eca-6f82c109c58c","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"d5c1d30e-ca9a-543f-b6f3-c85ecd7b8eea","title":"The MCH2022 Design","subtitle":null,"slug":"mch2022-24-the-mch2022-design","link":"https://program.mch2022.org/mch2022/talk/KBP937/","description":"The MCH2022 design speaks for itself, but we would still nerd about it for a while. It is beautiful, colorful, generative, and has some physics ideas behind it. Some of it is obvious, but if you want to know all the hidden depths, this is the talk to visit.\n\nThe triangulair MCH2022 design is a colourfull generative kaleidoscope with some hidden depths. In that way it reflects the hacker community.  It is in some ways a spiritual successor to the SHA2017 design, but it has its own look and feel. You can find it all around the field, on prints and stickers, on the website and on the event shirts.\n\nDo you want to know the nitty gritty details of the optical physics, the generative basis and symmetric math ideas behind it? Some of it is obvious, but we would like to talk about it, and go deeper in on the concepts.","original_language":"eng","persons":["Christel Sanders"],"tags":["mch2022","24","2022","MCH2022 Curated content"],"view_count":141,"promoted":false,"date":"2022-07-26T14:20:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-07-16T13:45:04.605+02:00","length":1117,"duration":1117,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/24-d5c1d30e-ca9a-543f-b6f3-c85ecd7b8eea.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/24-d5c1d30e-ca9a-543f-b6f3-c85ecd7b8eea_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/24-d5c1d30e-ca9a-543f-b6f3-c85ecd7b8eea.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/24-d5c1d30e-ca9a-543f-b6f3-c85ecd7b8eea.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-24-the-mch2022-design","url":"https://api.media.ccc.de/public/events/d5c1d30e-ca9a-543f-b6f3-c85ecd7b8eea","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"7ceb2d94-fe2f-552a-b4e1-363cf9d29758","title":"Electron microscopes - How we learned to stop worrying and love cheap lab equipment.","subtitle":null,"slug":"mch2022-246-electron-microscopes-how-we-learned-to-stop-worrying-and-love-cheap-lab-equipment-","link":"https://program.mch2022.org/mch2022/talk/LE3MD7/","description":"A tale of sketchy^H^H^H^H^H^H^Hawesome online shopping, grimy scrap bins, and crazy DIY projects: \nThe adventures of a few friends who set up an electron-microscopy lab (and much more!) without breaking the bank. For all audiences: whether you just want to see some cool micrographs, hear a story of hacker adventure, or, want to set up your own SEM - this should be a good time.\n\nThis talk will have several parts:\n\nFirst we will tell you a story of a hobby that started with modifying an old classroom microscope for \nsemiconductor imaging and has led to owning one, possibly two scanning electron microscopes (SEMs).  You will see how 2020's logistics drama, COVID, language barriers, etc resulted turned the \"simple\" task of buying an electron microscope into a roller coaster of an adventure.\n\nPart two will look at the things we learned and what *you* should look out for if you want to get your own SEM: Things that will break, physics to watch out for, requirements for running it, and understanding the things that set different SEMs apart.\n\nFinally, we want to look at the future: Can we get a community of hackers building their own chips or replicating material science papers similar to the one we see abroad? Their achievements have been non-trivial to translate to European reality, but not impossible to. We hope to spur this on.","original_language":"eng","persons":["Peter Bosch","Peter Cywinski"],"tags":["mch2022","246","2022","MCH2022 Curated content"],"view_count":285,"promoted":false,"date":"2022-07-23T21:40:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-27T22:30:08.855+01:00","length":2999,"duration":2999,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/246-7ceb2d94-fe2f-552a-b4e1-363cf9d29758.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/246-7ceb2d94-fe2f-552a-b4e1-363cf9d29758_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/246-7ceb2d94-fe2f-552a-b4e1-363cf9d29758.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/246-7ceb2d94-fe2f-552a-b4e1-363cf9d29758.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-246-electron-microscopes-how-we-learned-to-stop-worrying-and-love-cheap-lab-equipment-","url":"https://api.media.ccc.de/public/events/7ceb2d94-fe2f-552a-b4e1-363cf9d29758","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"14dec41a-2bc7-5f6c-986a-4def8c64987a","title":"Lightning Talks Sunday","subtitle":null,"slug":"mch2022-317-lightning-talks-sunday","link":"https://program.mch2022.org/mch2022/talk/PUNDRB/","description":"Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks\n\nLightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks","original_language":"eng","persons":[],"tags":["mch2022","317","2022","MCH2022 Curated content"],"view_count":194,"promoted":false,"date":"2022-07-24T16:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2025-11-04T11:45:06.985+01:00","length":4788,"duration":4788,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/317-14dec41a-2bc7-5f6c-986a-4def8c64987a.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/317-14dec41a-2bc7-5f6c-986a-4def8c64987a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/317-14dec41a-2bc7-5f6c-986a-4def8c64987a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/317-14dec41a-2bc7-5f6c-986a-4def8c64987a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-317-lightning-talks-sunday","url":"https://api.media.ccc.de/public/events/14dec41a-2bc7-5f6c-986a-4def8c64987a","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"8f2e19f2-b7dc-5ba0-93e1-8ee0df80be95","title":"OpenRAN – 5G hacking just got a lot more interesting","subtitle":null,"slug":"mch2022-273-openran-5g-hacking-just-got-a-lot-more-interesting","link":"https://program.mch2022.org/mch2022/talk/8BEFCG/","description":"Many 5G networks are built in fundamentally new ways, opening new hacking avenues.\nMobile networks have so far been monolithic systems from big vendors. Networks are rapidly changing to an \"open\" model that mixes software from specialized vendors, hosted in cloud environments.\n\nThe talk dives into the hacking potential of the technologies and new interfaces needed for these open networks. We illustrate the security challenges with vulnerabilities we found in real-world networks.\n\n# Background #\n\nMobile networks are undergoing a paradigm shift from single-vendor monoliths to open cloud environments. Telco software now comes from different vendors and is installed on commodity hardware.\n\nOpenRAN is introduced in many (not all) 5G network globally. Operators hope that OpenRAN will be more flexible and cheaper. But what about security?\n\nTo make building blocks interoperable, OpenRAN comes with new interfaces, with often unclear security properties. OpenRAN also adds complex IT technologies, which come with their own hacking issues. Many components are run on Linux in Docker containers on top of Kubernetes, adding multiple layers of possible hacking interference.\n\nMobile networks also become easier to test, including for pentesters with experience in web apps and cloud environments. This talk explores how we can best use this new accessibility.\n\n# What we discuss #\n\n*1. Technology overview.* Which technologies and interfaces are used in OpenRAN\n\n*2. Baseline security.* Which security measures are part of OpenRAN, and which gaps are left open\n\n*3. Pentest/hacking advice.* How do you test whether a network uses necessary security measures\n\n*4. Tales of caution.* Vulnerabilities we found in real-world networks","original_language":"eng","persons":["Karsten Nohl"],"tags":["mch2022","273","2022","MCH2022 Curated content"],"view_count":5358,"promoted":false,"date":"2022-07-23T14:00:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-03-21T14:00:07.817+01:00","length":2677,"duration":2677,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/273-8f2e19f2-b7dc-5ba0-93e1-8ee0df80be95.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/273-8f2e19f2-b7dc-5ba0-93e1-8ee0df80be95_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/273-8f2e19f2-b7dc-5ba0-93e1-8ee0df80be95.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/273-8f2e19f2-b7dc-5ba0-93e1-8ee0df80be95.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-273-openran-5g-hacking-just-got-a-lot-more-interesting","url":"https://api.media.ccc.de/public/events/8f2e19f2-b7dc-5ba0-93e1-8ee0df80be95","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"32612e0a-18c0-57d9-a877-9730c70ae155","title":"Finding 0days in Enterprise Web Applications","subtitle":null,"slug":"mch2022-99-finding-0days-in-enterprise-web-applications","link":"https://program.mch2022.org/mch2022/talk/EF7VSC/","description":"Enterprise web applications have been deployed rapidly to the internet over the last ten years. Often, these applications remain secure, purely due to how difficult it is getting a copy of the source code. Unsurprisingly, some of the most popular enterprise web applications contain critical pre-authentication vulnerabilities. This presentation discusses how to get your hands on enterprise web applications and how to audit them for vulnerabilities, demonstrated through the disclosure of multiple 0days in popular enterprise web applications.\n\nWhen performing offensive source code analysis, the road to critical pre-authentication vulnerabilities usually involves a treacherous journey. From obtaining the source code, to mapping out sources and sinks, this presentation will take you on this journey to finding critical bugs in the following software:\n\n- IBM Websphere Portal / HCL Digital Experiences\n- Solarwinds Web Help Desk\n- Sitecore Experience Platform\n- VMWare Workspace One UEM (AirWatch)\n\nBy experiencing the discovery process of 0days in popular enterprise web applications, this process can be repeated on the enterprise applications your company uses. The vulnerabilities discussed in this presentation have all gone through a responsible disclosure process.","original_language":"eng","persons":["Shubham Shah"],"tags":["mch2022","99","2022","MCH2022 Curated content"],"view_count":425,"promoted":false,"date":"2022-07-24T19:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2025-11-28T19:45:05.192+01:00","length":2469,"duration":2469,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/99-32612e0a-18c0-57d9-a877-9730c70ae155.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/99-32612e0a-18c0-57d9-a877-9730c70ae155_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/99-32612e0a-18c0-57d9-a877-9730c70ae155.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/99-32612e0a-18c0-57d9-a877-9730c70ae155.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-99-finding-0days-in-enterprise-web-applications","url":"https://api.media.ccc.de/public/events/32612e0a-18c0-57d9-a877-9730c70ae155","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"53652eb6-6614-586b-9647-0df4b87746a0","title":"Modernizing the Tor Ecosystem for the Future","subtitle":null,"slug":"mch2022-207-modernizing-the-tor-ecosystem-for-the-future","link":"https://program.mch2022.org/mch2022/talk/MUP7MX/","description":"In this presentation, we will be updating the audience on the ongoing modernization efforts of the software developed inside The Tor Project -- the organization behind the most widely deployed anonymity network. We will look at upcoming features and changes to the core technology that drives the Tor network and why a Browser may no longer be the only product we have to provide for the user-base that is so crucial in need of Tor's anonymity properties for safe internet access.\n\nThe Tor ecosystem is currently going through a more extensive modernization phase where we are simplifying our goals slightly to make space for larger projects that we find necessary.\n\nThis work includes implementing a new, more memory-safe Tor implementation in the Rust programming language named Arti. This work will make it easier for application developers to integrate their applications and benefit from the safety features that Tor can provide. \n\nAdditionally, we will talk about some recent or upcoming changes to the network:\n\n- Give a status update on deploying modern congestion control algorithms in the Tor network. This work should significantly enhance the performance barrier that most Tor users experience.\n- The roadmap towards UDP support in the client and relay software. This work should allow more modern use-cases of the Tor software such as voice and video communication, WebRTC, and other protocols that leverage datagram-based data transfer.\n- Move to more modern cryptography in Tor's protocols, including support for Post-quantum cryptography and why this is needed.\n- Allowing Tor users to access the network using a VPN-like tunneling mechanism as an alternative to simply web-browsing and other socks5 enabled applications.","original_language":"eng","persons":["Alexander Færøy"],"tags":["mch2022","207","2022","MCH2022 Curated content"],"view_count":539,"promoted":false,"date":"2022-07-24T15:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-01-01T18:00:20.092+01:00","length":2959,"duration":2959,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/207-53652eb6-6614-586b-9647-0df4b87746a0.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/207-53652eb6-6614-586b-9647-0df4b87746a0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/207-53652eb6-6614-586b-9647-0df4b87746a0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/207-53652eb6-6614-586b-9647-0df4b87746a0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-207-modernizing-the-tor-ecosystem-for-the-future","url":"https://api.media.ccc.de/public/events/53652eb6-6614-586b-9647-0df4b87746a0","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"38bd1604-26b5-5e32-adfa-a4447fa94932","title":"Hacking UK train tickets for fun, but not for profit","subtitle":null,"slug":"mch2022-269-hacking-uk-train-tickets-for-fun-but-not-for-profit","link":"https://program.mch2022.org/mch2022/talk/XMCUHG/","description":"We take a scenic tour through the origins of the UK train ticket, from the original BR specification in the 1970s through to modern replacements like mTickets, eTickets and ITSO. \n\nThis is just a detour though, and we'll focus on the 'orange ticket' (RSP 9399/9599) - which continues to be a stalwart of the UK rail network. Surely they can't be that secure? After all, anyone can encode a magstripe - right? \n\nWe'll take a look through the data encoded on these tickets, what interesting things you can do with them and maybe (assuming I've got it working by then) we'll be able to read and write our own!\n\nWe take a scenic tour through the origins of the UK train ticket, from the original BR specification in the 1970s through to modern replacements like mTickets, eTickets and ITSO. \n\nThis is just a detour though, and we'll focus on the 'orange ticket' (RSP 9399/9599) - which continues to be a stalwart of the UK rail network. Surely they can't be that secure? After all, anyone can encode a magstripe - right? \n\nWe'll take a look through the data encoded on these tickets, what interesting things you can do with them and maybe (assuming I've got it working by then) we'll be able to read and write our own!","original_language":"eng","persons":["Hugh Wells"],"tags":["mch2022","269","2022","MCH2022 Curated content"],"view_count":369,"promoted":false,"date":"2022-07-24T13:20:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-02-09T22:00:15.107+01:00","length":1899,"duration":1899,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/269-38bd1604-26b5-5e32-adfa-a4447fa94932.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/269-38bd1604-26b5-5e32-adfa-a4447fa94932_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/269-38bd1604-26b5-5e32-adfa-a4447fa94932.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/269-38bd1604-26b5-5e32-adfa-a4447fa94932.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-269-hacking-uk-train-tickets-for-fun-but-not-for-profit","url":"https://api.media.ccc.de/public/events/38bd1604-26b5-5e32-adfa-a4447fa94932","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"733a2a7f-98d3-555a-b82f-4b5c5721d682","title":"Live streaming 360° video with your own infrastructure","subtitle":null,"slug":"mch2022-28-live-streaming-360-video-with-your-own-infrastructure","link":"https://program.mch2022.org/mch2022/talk/EBKZRV/","description":"Panoramic 360° video offers more immersion, but has unique challenges. There are plug and play solutions, however they use centralized services such as Facebook and YouTube.\nIn this talk (live streamed in 360° video) i will explain how to setup your own 360° live stream using your own streaming servers and viewing the 360° stream on desktops, mobile devices and VR headsets in the browser.\n\nThe pandemic has brought live streaming video to the masses. Panoramic 360° video offers more immersion, but has unique challenges. There are plug and play solutions, however they use centralized services such as Facebook and YouTube that invade our privacy and spam us with ads.\nIn this talk (live streamed in 360° video) i will explain how to setup your own 360° live stream using your own free software streaming servers and viewing the 360° stream on desktops, mobile devices and VR headsets in the browser. If you want to setup your own stream you'll need a camera (i tested with Insta360 One R and HumanEyes Vuze).\n\nThe talk will cover all parts:\n1. Camera setup\n2. Setting up the RTMP streaming server\n3. Adding HTML5 Live Streaming (HLS)\n4. Setting up browser based clients for desktop, mobile and VR","original_language":"eng","persons":["Sven Neuhaus"],"tags":["mch2022","28","2022","MCH2022 Curated content"],"view_count":124,"promoted":false,"date":"2022-07-25T10:00:00.000+02:00","release_date":"2022-07-25T00:00:00.000+02:00","updated_at":"2026-03-27T18:00:06.617+01:00","length":2103,"duration":2103,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/28-733a2a7f-98d3-555a-b82f-4b5c5721d682.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/28-733a2a7f-98d3-555a-b82f-4b5c5721d682_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/28-733a2a7f-98d3-555a-b82f-4b5c5721d682.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/28-733a2a7f-98d3-555a-b82f-4b5c5721d682.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-28-live-streaming-360-video-with-your-own-infrastructure","url":"https://api.media.ccc.de/public/events/733a2a7f-98d3-555a-b82f-4b5c5721d682","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"0f934092-94ac-59d0-843a-ba440ba6d50b","title":"M̶a̶y̶  Will Contain Climate Change","subtitle":null,"slug":"mch2022-278-m-a-y-will-contain-climate-change","link":"https://program.mch2022.org/mch2022/talk/U8AEE9/","description":"A multi-disciplinary lecture and follow up discussion about sustainability from the hacker perspective. It will combine the state of the art scientific knowledge and evidence with observations on the cultural dynamics of the hacker community.  It is the continuation of the series  started at OHM 2013, SH2017, Balccon 2019 and Bornhack 2019\n\nClimate change, habitat and biodiversity loss, environmental pollution and other consequences of the current globalized society are here to stay and will get  worse in the near future. In this talk, we will explore the known, expected and  possible technical, environmental, social, economic and political changes that we will be facing in the next decades. This talk will approach the problem from the hacker / maker perspective. What can and will the impacts be on technology, privacy,  communication, openness, communities and most important of all, Aliexpress shipments? What can we, as the hacker community,  do to prepare ourselves and the communities around us to be robust and resilient to those changes? What can we do to reverse the course of these changes? Do not expect a prepper talk (okay, just a tiny bit),  but rather a discussion based on empirical observations and  scientific insights from a wide variety of academic disciplines. After the lecture a informal discussion session will be organized.","original_language":"eng","persons":["Igor Nikolic"],"tags":["mch2022","278","2022","MCH2022 Curated content"],"view_count":588,"promoted":false,"date":"2022-07-22T21:40:00.000+02:00","release_date":"2022-07-23T00:00:00.000+02:00","updated_at":"2026-03-05T15:15:06.750+01:00","length":2701,"duration":2701,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/278-0f934092-94ac-59d0-843a-ba440ba6d50b.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/278-0f934092-94ac-59d0-843a-ba440ba6d50b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/278-0f934092-94ac-59d0-843a-ba440ba6d50b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/278-0f934092-94ac-59d0-843a-ba440ba6d50b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-278-m-a-y-will-contain-climate-change","url":"https://api.media.ccc.de/public/events/0f934092-94ac-59d0-843a-ba440ba6d50b","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"3a1af1ec-416d-54a6-b90f-65f582601c80","title":"Introducing CSIRT.global: if you love the internet, we need your help","subtitle":null,"slug":"mch2022-183-introducing-csirt-global-if-you-love-the-internet-we-need-your-help","link":"https://program.mch2022.org/mch2022/talk/ZY39UT/","description":"The Dutch Institute for Vulnerability disclosure goes international. We’re building a community of enthusiasts to help stop the downward spiral of the internet, we’re calling it CSIRT.global. It’s aimed at international collaboration. Trust and communication, balanced with a sense of reality about the sensitive information we deal with, are key. Here’s how you can help, one vulnerability at a time.\n\nThe internet is wonderful. It is also broken and spiralling downward. Governments and big tech often don’t serve the interests of internet enthusiasts. Some people decided to “be the change”. In 2019, The Dutch Institute for Vulnerability was founded, and now it has over 70 volunteers. You have likely heard of our work, like Citrix and Kaseya. Communication is key in disclosing and informing organizations. Internationally, this can pose a real challenge. Therefore, we are building an international community, and we’re calling it CSIRT.global. Trust and communication are key. In this talk, you will learn why we’re expanding, what our challenges are, how we deal with sensitive information, and why it’s logical a volunteer organisation takes the lead. Finally, you’ll learn how you can help.","original_language":"eng","persons":["Eward Driehuis"],"tags":["mch2022","183","2022","MCH2022 Curated content"],"view_count":196,"promoted":false,"date":"2022-07-25T22:40:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-02-22T00:00:06.569+01:00","length":1476,"duration":1476,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/183-3a1af1ec-416d-54a6-b90f-65f582601c80.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/183-3a1af1ec-416d-54a6-b90f-65f582601c80_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/183-3a1af1ec-416d-54a6-b90f-65f582601c80.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/183-3a1af1ec-416d-54a6-b90f-65f582601c80.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-183-introducing-csirt-global-if-you-love-the-internet-we-need-your-help","url":"https://api.media.ccc.de/public/events/3a1af1ec-416d-54a6-b90f-65f582601c80","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"bb7e1e47-e21e-5751-8a7b-801cd0372fde","title":"How to charge your car the open source way with EVerest","subtitle":null,"slug":"mch2022-65-how-to-charge-your-car-the-open-source-way-with-everest","link":"https://program.mch2022.org/mch2022/talk/NUNPWD/","description":"We will give you a short overview over the current electric vehicle charging technology and why it sucks. Let's try to fix it with the open source software stack EVerest! We will explain the technology and architecture behind it and will invite you to join our efforts forward to a green sustainable transportation infrastructure.\n\nBuilding a standard for EV charging infrastructure failed so far for multiple reasons: \"Innovations\" are implemented on a timescale of years to decades, and the standard is typically “designed by committee”. Every new player in the game has to reimplement the standard and it's done typically “very lean”, which is furthermore delaying and bugging the situation.\nOur solution is to establish a open-source based SW stack for charging systems, which all companies, manufacturers and private persons can use and make it the common de-facto standard. By opening the software for all, anyone can help improve it. \nWe have already made some progress on our SW stack called EVerest and we would like to welcome you all in helping to transform the EV charging world. EVerest is part of the Linux Foundation Energy, a community lead by the green energy transition.","original_language":"eng","persons":["Marco Möller","Cornelius Claussen"],"tags":["mch2022","65","2022","MCH2022 Curated content"],"view_count":331,"promoted":false,"date":"2022-07-23T22:40:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2025-11-22T05:45:03.016+01:00","length":1309,"duration":1309,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/65-bb7e1e47-e21e-5751-8a7b-801cd0372fde.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/65-bb7e1e47-e21e-5751-8a7b-801cd0372fde_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/65-bb7e1e47-e21e-5751-8a7b-801cd0372fde.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/65-bb7e1e47-e21e-5751-8a7b-801cd0372fde.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-65-how-to-charge-your-car-the-open-source-way-with-everest","url":"https://api.media.ccc.de/public/events/bb7e1e47-e21e-5751-8a7b-801cd0372fde","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"98ac8e1d-000f-5a12-b728-d5a50535a9ff","title":"PolyCoin - A game played across MCH","subtitle":"How it works and what is inside it","slug":"mch2022-311-polycoin-a-game-played-across-mch-how-it-works-and-what-is-inside-it","link":"https://program.mch2022.org/mch2022/talk/CRHHCU/","description":"PolyCoin - A distributed game across MCH. The history at EMF Camp 2018 and 2022, and how it was made and works.  See what is on the inside of the PolyCoin crypto miner devices, and why they were designed the way they were and what had to be compromised along the way, what can be improved, and plans for future versions.\r\n\r\nPolyCoin - is a game being deployed at MCH 2022, you'll see the PolyCoin crypto miner units installed throughout the site.  This game involves \"capturing\" the crypto miners using an RFID card to collect the fictional crypto currency PolyCoin.  Each player selects one of four fictional global corporations to support, and captures the crypto miners for their chosen company producing PolyCoins for them.  The company with the most PolyCoins wins!\r\n\r\nDelving in to the brief history of the game at EMF Camp 2018 and 2022, and then explaining how it works and the various bits hang together to create the overall game.  Covering PICmicro, ESP8285 (micropython), DFR0299, RC522 RFID, MQTT, Python on Raspberry Pi, and the hidden features of the game waiting to be discovered.\r\n\r\nI'll cover the problems with the original game deployed in EMF 2018 and how they were addressed with the PolyCoin game in 2022.  Then the problems encountered in 2022 at EMF camp (far less issues!).\r\n\r\nThis would ideally be suited to having this presentation followed by a hands-on session to see the parts that make the game.  I should have enough bits to run a workshop as well to build a PolyCoin crypto miner unit, including surface mount and hand soldering all the parts and assembling the units themselves.","original_language":"eng","persons":["Michael Turner"],"tags":["mch2022","311","2022","MCH2022 Curated content"],"view_count":106,"promoted":false,"date":"2022-07-25T14:00:00.000+02:00","release_date":"2022-07-26T00:00:00.000+02:00","updated_at":"2026-02-16T12:15:06.112+01:00","length":2216,"duration":2216,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/311-98ac8e1d-000f-5a12-b728-d5a50535a9ff.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/311-98ac8e1d-000f-5a12-b728-d5a50535a9ff_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/311-98ac8e1d-000f-5a12-b728-d5a50535a9ff.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/311-98ac8e1d-000f-5a12-b728-d5a50535a9ff.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-311-polycoin-a-game-played-across-mch-how-it-works-and-what-is-inside-it","url":"https://api.media.ccc.de/public/events/98ac8e1d-000f-5a12-b728-d5a50535a9ff","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"f35b16ef-0b21-5dfb-a429-0fee434c911e","title":"PSD2 a banking standard for scammers?","subtitle":null,"slug":"mch2022-178-psd2-a-banking-standard-for-scammers-","link":"https://program.mch2022.org/mch2022/talk/MDKSB9/","description":"Payment Service Directive (PSD2) is a fairly recent directive in Europe when it comes to electronic payments. For most of us this has happened invisibly. Although this new directive creates a lot of opportunities for fintech companies it also puts the privacy of tenths of millions of people in the hands of private companies. This talk will discuss the opportunities this will provide within Europe both for Fintech's... and scammers.\n\nIn 2020 the Payment Service Directive 2 (PSD2) has become the directive governing banking in Europe. This means that for financial transactions between businesses, persons and banks a new European-wide payment system is available.\nWhile before PSD2 in order to be able to act as a Payment Service Provider (PSP) you needed to be certified by the local central bank, now with PSD2 this is no longer necessary. This means all transaction data for an IBAN number going back up to years can be queried by commercial parties investing a few hundred euro’s. An example will be shown how easy it is to overlook giving consent for this data exchange and how to revoke this consent.\nThis talk will discuss the opportunities this new directive will provide EU residents, but will also show what implications this has in terms of privacy and how it enables scammers to automate scams.","original_language":"eng","persons":["Jeroen"],"tags":["mch2022","178","2022","MCH2022 Curated content"],"view_count":481,"promoted":false,"date":"2022-07-24T11:20:00.000+02:00","release_date":"2022-07-24T00:00:00.000+02:00","updated_at":"2026-02-09T10:15:11.186+01:00","length":1757,"duration":1757,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/178-f35b16ef-0b21-5dfb-a429-0fee434c911e.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/178-f35b16ef-0b21-5dfb-a429-0fee434c911e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/178-f35b16ef-0b21-5dfb-a429-0fee434c911e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/178-f35b16ef-0b21-5dfb-a429-0fee434c911e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-178-psd2-a-banking-standard-for-scammers-","url":"https://api.media.ccc.de/public/events/f35b16ef-0b21-5dfb-a429-0fee434c911e","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]},{"guid":"d96ae23e-1d97-4482-8c1d-bf3b516020ec","title":"Field Weekend: Introduction","subtitle":"","slug":"mch2022-fieldday-introduction","link":"https://c3voc.de","description":"","original_language":"eng","persons":["Stitch"],"tags":["ife","8","2021"],"view_count":520,"promoted":false,"date":"2021-09-04T11:55:00.000+02:00","release_date":"2021-09-11T00:00:00.000+02:00","updated_at":"2026-01-06T17:45:21.560+01:00","length":1384,"duration":1384,"thumb_url":"https://static.media.ccc.de/media/events/MCH2022/8-d96ae23e-1d97-4482-8c1d-bf3b516020ec.jpg","poster_url":"https://static.media.ccc.de/media/events/MCH2022/8-d96ae23e-1d97-4482-8c1d-bf3b516020ec_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/MCH2022/8-d96ae23e-1d97-4482-8c1d-bf3b516020ec.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/MCH2022/8-d96ae23e-1d97-4482-8c1d-bf3b516020ec.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/mch2022-fieldday-introduction","url":"https://api.media.ccc.de/public/events/d96ae23e-1d97-4482-8c1d-bf3b516020ec","conference_title":"May Contain Hackers 2022","conference_url":"https://api.media.ccc.de/public/conferences/MCH2022","related":[]}]}